dont click the exe

  1. I found on another forum post that the PPTP Haxdoor is likely a false positive detection. Please confirm. Doc, am I clear of all malware/infections according to the logs? If so, that's great news; but I am confused as to what happened to the Trojan.Win32.Scar!IK, which initiated this. It was originally in an exe file which couldn't be deleted. I uploaded the exe to some online service which scans the file for malware/viruses, etc. It received many positives. So I found a-squared via a Google search (praise Google!). a-squared scanned my computer, found the offending exe file containing the Trojan.Win32.Scar!IK, and quarantined the exe. Then my posts in this forum began... Looking at the logs, is my PC all clear, Doc? (It appears that Trojan.Win32.Scar!IK wasn't found; unless I overlooked it in the logs.) You guys rock! Keep up the great service.
  2. shadowputerdude, rebooting solved the problem I described in my last post, thanks for your confirmation. Requested logs attached. I notice on the iseeyouxp.txt log: "PPTP Haxdoor found!" Doc, what's your next suggested treatment? Please advise. And I hope you guys are somehow being compensated; your team is providing an invaluable service. Best,
  3. Thank you for your response and assistance. I came across some trouble that I hope you can help with. I've downloaded and installed combofix.exe. As described in the combofix installation instructions, during installation, combofix said that it detected antivirus software running in the background, and that it should be disabled to avoid conflicts. I didn't realize that the Norton (expired software which came with the PC) was running, as I didn't see it on the task manager. With the Combofix warning window still open (describing that continuing with combofix installation while other antivirus software is running is discouraged), and finding no other way to turn off/disable the expired Norton software, I used control panel/add delete programs to uninstall the Norton software. During Norton uninstall, it said that some files were quarantined, and "do you want to delete these quarantined files". I clicked yes. (I think now that I should've said "no".) If I remember correctly, after Norton uninstall, the PC automatically rebooted. Got back to desktop, and executed the combofix.exe. Combofix installed (but didn't ask for "windows recovery console" installation as far as I know. I came back to my after clicking the exe file expecting to see a window prompt regarding the windows recovery console installation, but didn't see anything), and produced a log, saved at default location. I remember the computer rebooting. Upon reboot, I tried to open the combofix.txt log, got the error "illegal operation attempted on a registry key that has been marked for deletion". I tried opening a-squared to continue with the process, but got the same error. I tried opening other files, and got the same error. I think this has to do with the uninstallation of Norton, and its question: "delete quarantined files", which I clicked yes. Am I screwed? If I reboot will everything be screwed up? Or will a reboot "fix" things, so that I can continue with the a-squared process?
Is my registry screwed? I don't think it should be, if quarantined viruses were selected to be deleted during Norton uninstall. (This is my guess why this is happening.) I am posting this from a friend's computer. Any suggestions of what to do at this stage, in which clicking any programs or files (jpgs seemingly excluded) produces the error: "ILLEGAL OPERATION ATTEMPTED ON A REGISTRY KEY THAT HAS BEEN MARKED FOR DELETION." Reboot? Or is that risky? Cuz the registry will be screwed? I'd like to continue with your directions; or at a minimum, do something so that I can at least have access to all my critical files, save it to a removable drive, then buy a new computer. Please advise. Thank you for your technical guidance and assistance. Best regards,
  4. To Whom It May Concern: Thank you for A-Squared software. I've always been infection free until today; I inadvertently double-clicked an .exe file from an untrusted source. I immediately did a 'face-palm' as I know better than to execute untrusted .exe files. Despite realizing that it was already too late, I tried unsuccessfully to delete the offending .exe file. Windows error message: Error message: [2384] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe can not be deleted. Please consult the experts in the a-squared online forum for help with manual removal of this Malware: I then knew that there was a problem. I googled "free online trojan remover", and found a-squared. Immediately installed a-squared and scanned computer, found one 'red urgent' file, which I immediately 'quarantined'. Then came to the forum for guidance. Found and read the 'pre-request cleaning steps'. Saw the "do not quarantine" request. Sorry, I already did; hopefully you can still assist. I feel like this is open heart surgery. I give you lots of credit. Is there anything you can do? Does a 'magic bullet' need to be engineered for each new trojan that has to be removed manually? Is there a silver bullet which will clean up many malicious trojans? What is my prognosis, Doctor? How bad can it be? How concerned should I be? I'll never again execute an odd .exe file... Please help. Is it unsafe to log into my online banking? Or did the trojan already find the sensitive data? scan settings: .........
Quarantined Trojan.Win32.Scar!IK
[2408] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe Quarantined Trojan.Win32.Scar!IK

Quarantined

Files: 0
Traces: 0
Cookies: 0

.........
.........

************************************************************************************
ISeeYouXP v2.0 Beta 14
ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************

Windows/Browser/Java Versions:

Microsoft® Windows Vista™ Home Basic
Version: 6.0.6000
Service Pack: 0.0
Windows Directory: C:\Windows
Sun Microsystems Java Runtime Version: 1.6.0_01
Boot State: Normal boot

Scan done at 23:23:09.22, Fri 10/02/2009
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Jun 8 2008 5012 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 3 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.
Total of file sizes: 1,856,092 bytes 1.77 M
3 Dir(s) 3,623,321,600 bytes free
------------------------------------------------------------------------------------
System Environment Variables

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\MeEiLaH\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMILLA-PC
ComSpec=C:\Windows\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\MeEiLaH
LOCALAPPDATA=C:\Users\MeEiLaH\AppData\Local
LOGONSERVER=\\JAMILLA-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MeEiLaH\AppData\Local\Temp
TMP=C:\Users\MeEiLaH\AppData\Local\Temp
USERDOMAIN=Jamilla-PC
USERNAME=MeEiLaH
USERPROFILE=C:\Users\MeEiLaH
windir=C:\Windows
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files

No matches found.
------------------------------------------------------------------------------------
Displaying BOOT.INI:

------------------------------------------------------------------------------------
Displaying SYSTEM.INI:

; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
------------------------------------------------------------------------------------
Displaying WIN.INI:

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
------------------------------------------------------------------------------------
Displaying AUTOEXEC.BAT:

REM Dummy file for NTVDM
------------------------------------------------------------------------------------
Displaying CONFIG.SYS:

FILES=40
------------------------------------------------------------------------------------
Displaying Running Processes:

PROCESS PID PRIO PATH
Dwm.exe 756 Normal C:\Windows\system32\Dwm.exe
Explorer.EXE 864 Normal C:\Windows\Explorer.EXE
SynTPEnh.exe 1308 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl.exe 972 Normal C:\Windows\RtHDVCpl.exe
hkcmd.exe 1080 Normal C:\Windows\System32\hkcmd.exe
igfxpers.exe 1856 Normal C:\Windows\System32\igfxpers.exe
eDSloader.exe 1944 Normal C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
QtZgAcer.EXE 2012 Normal C:\Program Files\Launch Manager\QtZgAcer.EXE
jusched.exe 1624 Normal C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
wpcumi.exe 424 Normal C:\Windows\System32\wpcumi.exe
V0500Mon.exe 1040 Normal C:\Windows\V0500Mon.exe
iTunesHelper.exe 420 Normal C:\Program Files\iTunes\iTunesHelper.exe
GoogleToolbarNotifier.exe 1772 Normal C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
RtkBtMnt.exe 2396 Normal C:\Users\MeEiLaH\AppData\Local\Temp\RtkBtMnt.exe
igfxext.exe 2448 Normal C:\Windows\system32\igfxext.exe
igfxsrvc.exe 2476 Normal C:\Windows\system32\igfxsrvc.exe
taskeng.exe 948 Normal C:\Windows\system32\taskeng.exe
unsecapp.exe 472 Normal C:\Windows\system32\wbem\unsecapp.exe
wuauclt.exe 5164 Normal C:\Windows\system32\wuauclt.exe
firefox.exe 5824 Normal C:\Program Files\Mozilla Firefox\firefox.exe
WINWORD.EXE 212 Normal C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
a2free.exe 4036 Normal C:\Program Files\a-squared Free\a2free.exe
cmd.exe 5344 Normal C:\Windows\system32\cmd.exe
ntvdm.exe 5204 Normal C:\Windows\system32\ntvdm.exe
pv.exe 4608 Normal C:\ISEEYO~1\pv.exe
------------------------------------------------------------------------------------
Displaying Windows Services:

Name: AeLookupSvc
Display Name: Application Experience
Description: Processes application compatibility cache requests for applications as they are launched
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: AgereModemAudio
Display Name: Agere Modem Call Progress Audio
Description:
Path Name: C:\Windows\system32\agrsmsvc.exe
Start Mode: Auto
State: Running

Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
Path Name: C:\Windows\System32\alg.exe
Start Mode: Manual
State: Stopped

Name: Appinfo
Display Name: Application Information
Description: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: Apple Mobile Device
Display Name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Path Name: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Start Mode: Auto
State: Running

Name: AudioEndpointBuilder
Display Name: Windows Audio Endpoint Builder
Description: Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: Audiosrv
Display Name: Windows Audio
Description: Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Auto
State: Running

Name: Automatic LiveUpdate Scheduler
Display Name: Automatic LiveUpdate Scheduler
Description: Manages the scheduling of Automatic LiveUpdate sessions
Path Name: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Start Mode: Auto
State: Running

Name: BFE
Display Name: Base Filtering Engine
Description: The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Start Mode: Auto
State: Running

Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Bonjour Service
Display Name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Path Name: "C:\Program Files\Bonjour\mDNSResponder.exe"
Start Mode: Auto
State: Running

Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ccEvtMgr
Display Name: Symantec Event Manager
Description: Event propagation and logging service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Start Mode: Auto
State: Running

Name: ccSetMgr
Display Name: Symantec Settings Manager
Description: Settings storage and management service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Start Mode: Auto
State: Running

Name: CertPropSvc
Display Name: Certificate Propagation
Description: Propagates certificates from smart cards.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: CLCapSvc
Display Name: CyberLink Background Capture Service (CBCS)
Description: Provides background buffering, recording and burning functionality for CyberLink Capturing
Path Name: "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"
Start Mode: Auto
State: Running

Name: clr_optimization_v2.0.50727_32
Display Name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped

Name: CLSched
Display Name: CyberLink Task Scheduler (CTS)
Description: Enables a user to configure and schedule a automated task for CyberLink Scheduling
Path Name: "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"
Start Mode: Auto
State: Running

Name: CLTNetCnService
Display Name: Symantec Lic NetConnect service
Description: Symantec Lic NetConnect Service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
Start Mode: Auto
State: Running

Name: comHost
Display Name: COM Host
Description: COM aggregation host service
Path Name: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
Start Mode: Manual
State: Stopped

Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped

Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: CyberLink Media Library Service
Display Name: CyberLink Media Library Service
Description:
Path Name: "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"
Start Mode: Auto
State: Running

Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch
Start Mode: Auto
State: Running

Name: DFSR
Display Name: DFS Replication
Description: Replicates files among multiple PCs keeping them in sync. On Client, it is used to roam folders between PCs; on server, it is used to provide high availability and local access across a wide area network (WAN). If the service is stopped, file replication does not occur, and the files on the server become out-of-date. If the service is disabled, any services that explicitly depend on it will not start.
Path Name: C:\Windows\system32\DFSR.exe
Start Mode: Manual
State: Stopped

Name: Dhcp
Display Name: DHCP Client
Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Auto
State: Running

Name: Dnscache
Display Name: DNS Client
Description: The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: dot3svc
Display Name: Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Manual
State: Stopped

Name: DPS
Display Name: Diagnostic Policy Service
Description: The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Start Mode: Auto
State: Running

Name: EapHost
Display Name: Extensible Authentication Protocol
Description: The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: eDataSecurity Service
Display Name: eDataSecurity Service
Description: eDataSecurity Service
Path Name: "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
Start Mode: Auto
State: Running

Name: eLockService
Display Name: eLock Service
Description: Acer eLock Management Service
Path Name: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
Start Mode: Auto
State: Running

Name: EMDMgmt
Display Name: ReadyBoost
Description: Provides support for improving system performance using ReadyBoost.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: eNet Service
Display Name: eNet Service
Description: Acer eNet Management Service
Path Name: C:\Acer\Empowering Technology\eNet\eNet Service.exe
Start Mode: Auto
State: Running

Name: eRecoveryService
Display Name: eRecovery Service
Description: Acer eRecovery Management
Path Name: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
Start Mode: Auto
State: Running

Name: eSettingsService
Display Name: eSettings Service
Description: Acer eSettings Management Service
Path Name: C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
Start Mode: Auto
State: Running

Name: Eventlog
Display Name: Windows Event Log
Description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted Start Mode: Auto State: Running Name: EventSystem Display Name: COM+ Event System Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\Windows\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: fdPHost Display Name: Function Discovery Provider Host Description: Host process for Function Discovery providers. Path Name: C:\Windows\system32\svchost.exe -k LocalService Start Mode: Manual State: Stopped Name: FDResPub Display Name: Function Discovery Resource Publication Description: Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Path Name: C:\Windows\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: FontCache3.0.0.0 Display Name: Windows Presentation Foundation Font Cache 3.0.0.0 Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Path Name: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe Start Mode: Manual State: Stopped Name: gpsvc Display Name: Group Policy Client Description: The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. 
If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Path Name: C:\Windows\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: gusvc Display Name: Google Updater Service Description: Path Name: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" Start Mode: Manual State: Stopped Name: hidserv Display Name: Human Interface Device Access Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Start Mode: Manual State: Stopped Name: hkmsvc Display Name: Health Key and Certificate Management Description: Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service Path Name: C:\Windows\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: idsvc Display Name: Windows CardSpace Description: Securely enables the creation, management, and disclosure of digital identities. Path Name: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Start Mode: Manual State: Stopped Name: IKEEXT Display Name: IKE and AuthIP IPsec Keying Modules Description: The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. 
These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Path Name: C:\Windows\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: IPBusEnum Display Name: PnP-X IP Bus Enumerator Description: The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Start Mode: Manual State: Stopped Name: iphlpsvc Display Name: IP Helper Description: Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. Path Name: C:\Windows\System32\svchost.exe -k NetSvcs Start Mode: Auto State: Running Name: iPod Service Display Name: iPod Service Description: iPod hardware management services Path Name: "C:\Program Files\iPod\bin\iPodService.exe" Start Mode: Manual State: Running Name: Irmon Display Name: Infrared monitor service Description: Detects other Infrared devices that are in range and launches the file transfer application. 
Stopping the service will prevent file transfer from working Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted Start Mode: Auto State: Running Name: ISPwdSvc Display Name: Symantec IS Password Validation Description: User account management service Path Name: "C:\Program Files\Norton Internet Security\isPwdSvc.exe" Start Mode: Manual State: Stopped Name: KeyIso Display Name: CNG Key Isolation Description: The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. Path Name: C:\Windows\system32\lsass.exe Start Mode: Manual State: Running Name: KtmRm Display Name: KtmRm for Distributed Transaction Coordinator Description: Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM). Path Name: C:\Windows\System32\svchost.exe -k NetworkService Start Mode: Auto State: Running Name: LanmanServer Display Name: Server Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\Windows\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: LanmanWorkstation Display Name: Workstation Description: Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
Path Name: C:\Windows\System32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: LightScribeService Display Name: LightScribeService Direct Disc Labeling Service Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. Path Name: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" Start Mode: Auto State: Running Name: LiveUpdate Display Name: LiveUpdate Description: LiveUpdate Core Engine Path Name: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" Start Mode: Manual State: Running Name: LiveUpdate Notice Ex Display Name: LiveUpdate Notice Service Ex Description: Manages Norton product notices. Path Name: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon Start Mode: Auto State: Running Name: LiveUpdate Notice Service Display Name: LiveUpdate Notice Service Description: Manages Norton product notices Path Name: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" Start Mode: Auto State: Stopped Name: lltdsvc Display Name: Link-Layer Topology Discovery Mapper Description: Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. Path Name: C:\Windows\System32\svchost.exe -k LocalService Start Mode: Manual State: Stopped Name: lmhosts Display Name: TCP/IP NetBIOS Helper Description: Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted Start Mode: Auto State: Running Name: Microsoft Office Groove Audit Service Display Name: Microsoft Office Groove Audit Service Description: Path Name: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" Start Mode: Manual State: Stopped Name: MMCSS Display Name: Multimedia Class Scheduler Description: Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Path Name: C:\Windows\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: MobilityService Display Name: MobilityService Description: Path Name: C:\Acer\Mobility Center\MobilityService.exe -p Start Mode: Auto State: Running Name: MpsSvc Display Name: Windows Firewall Description: Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork Start Mode: Auto State: Running Name: MSDTC Display Name: Distributed Transaction Coordinator Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\Windows\System32\msdtc.exe Start Mode: Manual State: Stopped Name: MSiSCSI Display Name: Microsoft iSCSI Initiator Service Description: Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. 
If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: msiserver
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\msiexec /V
Start Mode: Manual
State: Stopped

Name: napagent
Display Name: Network Access Protection Agent
Description: Enables Network Access Protection (NAP) functionality on client computers
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
Start Mode: Manual
State: Stopped

Name: Netlogon
Display Name: Netlogon
Description: Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Manual
State: Running

Name: netprofm
Display Name: Network List Service
Description: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Path Name: C:\Windows\System32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: NetTcpPortSharing
Display Name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Path Name: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Start Mode: Disabled
State: Stopped

Name: NlaSvc
Display Name: Network Location Awareness
Description: Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: nsi
Display Name: Network Store Interface Service
Description: This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: odserv
Display Name: Microsoft Office Diagnostics Service
Description: Run portions of Microsoft Office Diagnostics.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Start Mode: Manual
State: Stopped

Name: ose
Display Name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Start Mode: Manual
State: Running

Name: p2pimsvc
Display Name: Peer Networking Identity Manager
Description: Provides Identity service for Peer Networking
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Manual
State: Stopped

Name: p2psvc
Display Name: Peer Networking Grouping
Description: Provides Peer Networking Grouping services
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Manual
State: Stopped

Name: PcaSvc
Display Name: Program Compatibility Assistant Service
Description: Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: pla
Display Name: Performance Logs & Alerts
Description: Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Start Mode: Manual
State: Stopped

Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch
Start Mode: Auto
State: Running

Name: PNRPAutoReg
Display Name: PNRP Machine Name Publication Service
Description: This service publishes a machine name using the Peer Name Resolution Protocol.
Configuration is managed via the netsh context 'p2p pnrp peer'
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Manual
State: Stopped

Name: PNRPsvc
Display Name: Peer Name Resolution Protocol
Description: Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Manual
State: Stopped

Name: PolicyAgent
Display Name: IPsec Policy Agent
Description: Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
Path Name: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Start Mode: Auto
State: Running

Name: ProfSvc
Display Name: User Profile Service
Description: This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.
Path Name: C:\Windows\system32\lsass.exe
Start Mode: Manual
State: Running

Name: QWAVE
Display Name: Quality Windows Audio Video Experience
Description: Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k regsvc
Start Mode: Manual
State: Stopped

Name: RichVideo
Display Name: Cyberlink RichVideo Service(CRVS)
Description:
Path Name: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
Start Mode: Auto
State: Running

Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\Windows\system32\locator.exe
Start Mode: Manual
State: Stopped

Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.
Path Name: C:\Windows\system32\svchost.exe -k rpcss
Start Mode: Auto
State: Running

Name: SamSs
Display Name: Security Accounts Manager
Description: The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
Path Name: C:\Windows\system32\lsass.exe
Start Mode: Auto
State: Running

Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SCPolicySvc
Display Name: Smart Card Removal Policy
Description: Allows the system to be configured to lock the user desktop upon smart card removal.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: SDRSVC
Display Name: Windows Backup
Description: Provides Windows Backup and Restore capabilities.
Path Name: C:\Windows\system32\svchost.exe -k SDRSVC
Start Mode: Manual
State: Stopped

Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SENS
Display Name: System Event Notification Service
Description: Monitors system events and notifies subscribers to COM+ Event System of these events.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SessionEnv
Display Name: Terminal Services Configuration
Description: Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: SharedAccess
Display Name: Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: slsvc
Display Name: Software Licensing
Description: Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.
Path Name: C:\Windows\system32\SLsvc.exe
Start Mode: Auto
State: Running

Name: SLUINotify
Display Name: SL UI Notification Service
Description: Provides Software Licensing activation and notification
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: SNMPTRAP
Display Name: SNMP Trap
Description: Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\snmptrap.exe
Start Mode: Manual
State: Stopped

Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing
Path Name: C:\Windows\System32\spoolsv.exe
Start Mode: Auto
State: Running

Name: SSDPSRV
Display Name: SSDP Discovery
Description: Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running

Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras
Path Name: C:\Windows\system32\svchost.exe -k imgsvc
Start Mode: Auto
State: Running

Name: swprv
Display Name: Microsoft Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k swprv
Start Mode: Manual
State: Stopped

Name: Symantec Core LC
Display Name: Symantec Core LC
Description: Symantec Core LC
Path Name: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Start Mode: Manual
State: Running

Name: SymAppCore
Display Name: Symantec AppCore Service
Description: Symantec Application Service
Path Name: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Start Mode: Auto
State: Running

Name: SysMain
Display Name: Superfetch
Description: Maintains and improves system performance over time.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: TabletInputService
Display Name: Tablet PC Input Service
Description: Enables Tablet PC pen and ink functionality
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
Start Mode: Manual
State: Running

Name: TBS
Display Name: TPM Base Services
Description: Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.
Path Name: C:\Windows\System32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: TermService
Display Name: Terminal Services
Description: Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: THREADORDER
Display Name: Thread Ordering Server
Description: Provides ordered execution for a group of threads within a specific period of time.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: TrustedInstaller
Display Name: Windows Modules Installer
Description: Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
Path Name: C:\Windows\servicing\TrustedInstaller.exe
Start Mode: Manual
State: Stopped

Name: UI0Detect
Display Name: Interactive Services Detection
Description: Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Path Name: C:\Windows\system32\UI0Detect.exe
Start Mode: Manual
State: Stopped

Name: upnphost
Display Name: UPnP Device Host
Description: Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running

Name: UxSms
Display Name: Desktop Window Manager Session Manager
Description: Provides Desktop Window Manager startup and maintenance services
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: vds
Display Name: Virtual Disk
Description: Provides management services for disks, volumes, file systems, and, hardward array objects such as subsystems, luns, controllers, etc.
Path Name: C:\Windows\System32\vds.exe
Start Mode: Manual
State: Stopped

Name: Viewpoint Manager Service
Display Name: Viewpoint Manager Service
Description: Ensures Viewpoint 3D and Rich Media Technologies are up to date
Path Name: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
Start Mode: Auto
State: Running

Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes.
If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\vssvc.exe
Start Mode: Manual
State: Stopped

Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: wcncsvc
Display Name: Windows Connect Now - Config Registrar
Description: Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly.
Path Name: C:\Windows\System32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: WcsPlugInService
Display Name: Windows Color System
Description: The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.
Path Name: C:\Windows\system32\svchost.exe -k wcssvc
Start Mode: Manual
State: Stopped

Name: WdiServiceHost
Display Name: Diagnostic Service Host
Description: The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function.
If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k wdisvc
Start Mode: Manual
State: Stopped

Name: WdiSystemHost
Display Name: Diagnostic System Host
Description: The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Manual
State: Running

Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: Wecsvc
Display Name: Windows Event Collector
Description: This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
Start Mode: Manual
State: Stopped

Name: wercplsupport
Display Name: Problem Reports and Solutions Control Panel Support
Description: This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: WerSvc
Display Name: Windows Error Reporting Service
Description: Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
Path Name: C:\Windows\System32\svchost.exe -k WerSvcGroup
Start Mode: Auto
State: Running

Name: WinDefend
Display Name: Windows Defender
Description: Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.
Path Name: C:\Windows\System32\svchost.exe -k secsvcs
Start Mode: Auto
State: Stopped

Name: WinHttpAutoProxySvc
Display Name: WinHTTP Web Proxy Auto-Discovery Service
Description: WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: Winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WinRM
Display Name: Windows Remote Management (WS-Management)
Description: Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management.
WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
Start Mode: Manual
State: Stopped

Name: Wlansvc
Display Name: WLAN AutoConfig
Description: This service enumerates WLAN adapters, manages WLAN connections and profiles.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: wmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
Path Name: C:\Windows\system32\wbem\WmiApSrv.exe
Start Mode: Manual
State: Stopped

Name: WMIService
Display Name: ePower Service
Description: Acer ePower Management Service
Path Name: C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
Start Mode: Auto
State: Running

Name: WMPNetworkSvc
Display Name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Path Name: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Start Mode: Auto
State: Running

Name: WPCSvc
Display Name: Parental Controls
Description: This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Auto
State: Running

Name: WPDBusEnum
Display Name: Portable Device Enumerator Service
Description: Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Start Mode: Auto
State: Running

Name: WSearch
Display Name: Windows Search
Description: Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.
Path Name: C:\Windows\system32\SearchIndexer.exe /Embedding
Start Mode: Auto
State: Running

Name: wuauserv
Display Name: Windows Update
Description: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: wudfsvc
Display Name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Start Mode: Auto
State: Running

Name: a2free
Display Name: a-squared Free Service
Description: Scans the PC for unwanted software and provides protection from malicious code
Path Name: "C:\Program Files\a-squared Free\a2service.exe"
Start Mode: Auto
State: Running

------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Wed May 09 16:24:51 2007
->Sysclean WARNING: MemScanGetImagePathFromPid(1132) (Win32 Error Code: 0x00000005 (5):Access is denied.) [709]
->Sysclean WARNING: MemScanGetImagePathFromPid(2124) (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [709]

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 16:25:49 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Fri May 11 22:19:54 2007
->Scan ERROR: resource process://pid:1136 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1136 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5924 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6048 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1664 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 11 22:23:26 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Wed Jun 13 03:07:07 2007
->Scan ERROR: resource process://pid:1124 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1124 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 03:08:46 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 11 03:09:31 2007
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 03:11:02 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Wed Aug 15 03:10:29 2007
->Scan ERROR: resource process://pid:1112 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 03:12:13 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Wed Sep 12 03:01:59 2007
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 03:03:18 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Thu Oct 11 03:07:15 2007
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 03:08:48 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 03:05:30 2007
->Scan ERROR: resource process://pid:1120 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1120 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 03:07:06 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 12 03:07:01 2007
->Scan ERROR: resource process://pid:1108 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 03:08:34 2007

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Thu Jan 10 03:08:55 2008
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3920 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3920 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2104 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2104 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5296 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:5296 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:10:46 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Wed Feb 13 07:56:49 2008
->Scan ERROR: resource process://pid:1108 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 07:58:40 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Wed Mar 12 03:03:22 2008
->Scan ERROR: resource process://pid:1120 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1120 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 12 03:04:43 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 03:04:05 2008
->Scan ERROR: resource process://pid:1092 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1092 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 03:06:23 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Sat May 17 06:22:21 2008
->Scan ERROR: resource process://pid:1104 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1104 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 17 06:25:55 2008

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Thu Jun 12 08:52:52 2008
->Scan ERROR: resource process://pid:1104 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1104 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 08:54:01 2008

----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
    Hidden REG_DWORD 1 (0x1)
    SuperHidden REG_DWORD 1 (0x1)
    ShowSuperHidden REG_DWORD 1 (0x1)
    HideFileExt REG_DWORD 0 (0x0)

************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------

--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------

Error: Key: software\microsoft\windows\currentversion\internet settings\zonemap\domains does not exist!
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
    <NO NAME> REG_SZ
    http REG_DWORD 3 (0x3)
    https REG_DWORD 3 (0x3)
    ftp REG_DWORD 3 (0x3)
    file REG_DWORD 3 (0x3)
    @ivt REG_DWORD 1 (0x1)
    shell REG_DWORD 0 (0x0)

----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
    <NO NAME> REG_SZ http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
    ftp REG_SZ ftp://
    home REG_SZ http://
    mosaic REG_SZ http://
    www REG_SZ http://

--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
    path REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup REG_SZ C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    location REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension REG_SZ .CommonStartup
    command REG_SZ C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item REG_SZ Adobe Gamma Loader
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 1 (0x1)
    DAY REG_DWORD 21 (0x15)
    HOUR REG_DWORD 9 (0x9)
    MINUTE REG_DWORD 5 (0x5)
    SECOND REG_DWORD 16 (0x10)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
    path REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup REG_SZ C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    location REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension REG_SZ .CommonStartup
    command REG_SZ C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
    item REG_SZ Adobe Reader Speed Launch
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 35 (0x23)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk
    path REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup REG_SZ C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    location REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension REG_SZ .CommonStartup
    command REG_SZ C:\Acer\EMPOWE~1\EAPLAU~1.EXE 9999
    item REG_SZ Empowering Technology Launcher
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 5 (0x5)
    DAY REG_DWORD 13 (0xd)
    HOUR REG_DWORD 17 (0x11)
    MINUTE REG_DWORD 14 (0xe)
    SECOND REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MeEiLaH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk
    path REG_SZ C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup REG_SZ C:\Windows\pss\LimeWire On Startup.lnk.Startup
    location REG_SZ C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension REG_SZ .Startup
    command REG_SZ C:\PROGRA~1\LimeWire\LimeWire.exe -startup
    item REG_SZ LimeWire On Startup
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 1 (0x1)
    DAY REG_DWORD 21 (0x15)
    HOUR REG_DWORD 9 (0x9)
    MINUTE REG_DWORD 5 (0x5)
    SECOND REG_DWORD 17 (0x11)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MeEiLaH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mypdfcreator.lnk
    path REG_SZ C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mypdfcreator.lnk
    backup REG_SZ C:\Windows\pss\mypdfcreator.lnk.Startup
    location REG_SZ C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension REG_SZ .Startup
    command REG_SZ C:\PROGRA~1\MYPDFC~1\PDFCRE~1.EXE
    item REG_SZ mypdfcreator
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 1 (0x1)
    DAY REG_DWORD 2 (0x2)
    HOUR REG_DWORD 19 (0x13)
    MINUTE REG_DWORD 34 (0x22)
    SECOND REG_DWORD 21 (0x15)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ Acer Assist Launcher
    hkey REG_SZ HKLM
    command REG_SZ C:\Program Files\Acer Assist\launcher.exe
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 5 (0x5)
    DAY REG_DWORD 13 (0xd)
    HOUR REG_DWORD 17 (0x11)
    MINUTE REG_DWORD 14 (0xe)
    SECOND REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ Aim6
    hkey REG_SZ HKCU
    command REG_SZ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ BitTorrent
    hkey REG_SZ HKCU
    command REG_SZ "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 4 (0x4)
    DAY REG_DWORD 7 (0x7)
    HOUR REG_DWORD 6 (0x6)
    MINUTE REG_DWORD 55 (0x37)
    SECOND REG_DWORD 39 (0x27)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ ccApp
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 8 (0x8)
    DAY REG_DWORD 2 (0x2)
    HOUR REG_DWORD 19 (0x13)
    MINUTE REG_DWORD 34 (0x22)
    SECOND REG_DWORD 17 (0x11)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ GrooveMonitor
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ iTunesHelper
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ MySpaceIM
    hkey REG_SZ HKCU
    command REG_SZ C:\Program Files\MySpace\IM\MySpaceIM.exe
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 8 (0x8)
    DAY REG_DWORD 27 (0x1b)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 33 (0x21)
    SECOND REG_DWORD 56 (0x38)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ PCMService
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 5 (0x5)
    DAY REG_DWORD 13 (0xd)
    HOUR REG_DWORD 17 (0x11)
    MINUTE REG_DWORD 14 (0xe)
    SECOND REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ Picasa Media Detector
    hkey REG_SZ HKCU
    command REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 1 (0x1)
    DAY REG_DWORD 2 (0x2)
    HOUR REG_DWORD 19 (0x13)
    MINUTE REG_DWORD 34 (0x22)
    SECOND REG_DWORD 21 (0x15)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwPrintScreen.exe
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ pwPrintScreen.exe
    hkey REG_SZ HKCU
    command REG_SZ C:\Program Files\Powware\Powware Print Screen\pwPrintScreen.exe
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 4 (0x4)
    DAY REG_DWORD 7 (0x7)
    HOUR REG_DWORD 6 (0x6)
    MINUTE REG_DWORD 55 (0x37)
    SECOND REG_DWORD 39 (0x27)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ QuickTime Task
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ swg
    hkey REG_SZ HKCU
    command REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    inimapping REG_SZ 0
    YEAR REG_DWORD 2008 (0x7d8)
    MONTH REG_DWORD 6 (0x6)
    DAY REG_DWORD 29 (0x1d)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 24 (0x18)
    SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ Symantec PIF AlertEng
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 5 (0x5)
    DAY REG_DWORD 13 (0xd)
    HOUR REG_DWORD 17 (0x11)
    MINUTE REG_DWORD 14 (0xe)
    SECOND REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ TkBellExe
    hkey REG_SZ HKLM
    command REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 8 (0x8)
    DAY REG_DWORD 12 (0xc)
    HOUR REG_DWORD 22 (0x16)
    MINUTE REG_DWORD 33 (0x21)
    SECOND REG_DWORD 33 (0x21)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ updateMgr
    hkey REG_SZ HKCU
    command REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 10 (0xa)
    DAY REG_DWORD 14 (0xe)
    HOUR REG_DWORD 19 (0x13)
    MINUTE REG_DWORD 42 (0x2a)
    SECOND REG_DWORD 35 (0x23)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
    key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item REG_SZ Yahoo! Pager
    hkey REG_SZ HKCU
    command REG_SZ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    inimapping REG_SZ 0
    YEAR REG_DWORD 2007 (0x7d7)
    MONTH REG_DWORD 8 (0x8)
    DAY REG_DWORD 27 (0x1b)
    HOUR REG_DWORD 20 (0x14)
    MINUTE REG_DWORD 33 (0x21)
    SECOND REG_DWORD 56 (0x38)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
    startup REG_DWORD 2 (0x2)

--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    BitTorrent REG_SZ "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    inixs REG_SZ C:\Windows\system32\minix32.exe

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    RtHDVCpl REG_SZ RtHDVCpl.exe
    IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
    HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
    Persistence REG_SZ C:\Windows\system32\igfxpers.exe
    Acer Tour REG_SZ
    eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    SetPanel REG_SZ
    LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    Acer Product Registration REG_SZ "C:\Program Files\Acer Registration\ACE1.exe" /startup
    eRecoveryService REG_SZ
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
    MSConfig REG_SZ "C:\Windows\system32\msconfig.exe" /auto
    Symantec PIF AlertEng REG_SZ "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    V0500Mon.exe REG_SZ C:\Windows\V0500Mon.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

Error: Key: software\microsoft\windows\currentversion\runonceex does not exist!

HKEY_USERS\.default\software\microsoft\windows\currentversion\run
    MySpaceIM REG_SZ C:\Program Files\MySpace\IM\MySpaceIM.exe

HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
    MySpaceIM REG_SZ C:\Program Files\MySpace\IM\MySpaceIM.exe

Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!

--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
    {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------

Volume in drive C is ACER
Volume Serial Number is 1099-6666

Directory of C:\Windows\tasks

05/09/2007 05:22 PM <DIR> .
05/09/2007 05:22 PM <DIR> ..
09/28/2009 08:05 PM 550 Norton Internet Security - Run Full System Scan - MeEiLaH.job
09/26/2009 07:24 PM 6 SA.DAT
09/26/2009 07:23 PM 32,620 SCHEDLGU.TXT
3 File(s) 33,176 bytes

Total Files Listed:
3 File(s) 33,176 bytes
2 Dir(s) 3,623,194,624 bytes free

A C:\Windows\tasks\Norton Internet Security - Run Full System Scan - MeEiLaH.job
A H C:\Windows\tasks\SA.DAT
A C:\Windows\tasks\SCHEDLGU.TXT

----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    {B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
    WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe
    .Owner REG_SZ {D27CDB6E-AE6D-11CF-96B8-444553540000}
    {D27CDB6E-AE6D-11CF-96B8-444553540000} REG_SZ

----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    NoExplorer REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\NoExplorer
    <NO NAME> REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    <NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}
    <NO NAME> REG_SZ Yahoo! IE Suggest
    NoExplorer REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    NoExplorer REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    <NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    NoExplorer REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    <NO NAME> REG_SZ AOL Toolbar Launcher

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    LogonHoursAction REG_DWORD 2 (0x2)
    DontDisplayLogonHoursWarnings REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
    ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
    ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
    EnableInstallerDetection REG_DWORD 1 (0x1)
    EnableLUA REG_DWORD 1 (0x1)
    EnableSecureUIAPaths REG_DWORD 1 (0x1)
    EnableVirtualization REG_DWORD 1 (0x1)
    PromptOnSecureDesktop REG_DWORD 1 (0x1)
    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    scforceoption REG_DWORD 0 (0x0)
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    FilterAdministratorToken REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI

Error: Key: .default\software\microsoft\windows\currentversion\policies does not exist!
Error: Key: s-1-5-18\software\microsoft\windows\currentversion\policies\explorer does not exist!

************************************************************************************
Checking File System for suspicious Files

--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------

Locating all files created in C:\

"C:\"
$RECYCLE.BIN Feb 13 2007 "$RECYCLE.BIN"
-20070~1.log Jan 14 2007 3269 "-20070114.log"
ACER Jan 14 2007 "Acer"
arcade.log Jan 14 2007 166 "Arcade.log"
ARESTU~1 Jul 10 2007 "Ares Tube"
autoexec.bat Sep 18 2006 24 "autoexec.bat"
BOOK Jan 14 2007 "Book"
BOOT Jan 14 2007 "Boot"
bootmgr Nov 2 2006 438840 "bootmgr"
-20070~1.log Jan 14 2007 3269 "-20070114.log"
ACER Jan 14 2007 "Acer"
arcade.log Jan 14 2007 166 "Arcade.log"
ARESTU~1 Jul 10 2007 "Ares Tube"
autoexec.bat Sep 18 2006 24 "autoexec.bat"
BOOK Jan 14 2007 "Book"
BOOT Jan 14 2007 "Boot"
bootmgr Nov 2 2006 438840 "bootmgr"
bootsect.bak Jan 14 2007 8192 "BOOTSECT.BAK"
config.sys Sep 18 2006 10 "config.sys"
DOCUME~1 Nov 2 2006 "Documents and Settings"
DRV Jan 14 2007 "DRV"
hiberfil.sys Sep 26 2009 2137182208 "hiberfil.sys"
HITRUS~1 Jun 28 2007 "HiTRUSTDrive"
INTEL Jan 14 2007 "Intel"
iph.ph Jun 17 2008 1571 "IPH.PH"
ISEEYO~1 Oct 2 2009 "ISeeYouXP"
MSOCACHE May 9 2007 "MSOCache"
pagefile.sys Sep 26 2009 2451111936 "pagefile.sys"
POLLMA~1 May 14 2007 "PollManager"
PROGRA~1 Nov 2 2006 "Program Files"
PROGRA~2 Nov 2 2006 "ProgramData"
rhdsetup.log Jan 14 2007 284 "RHDSetup.log"
setup.log Jan 14 2007 178 "setup.log"
SYSTEM~1 Jan 14 2007 "System Volume Information"
USERS Nov 2 2006 "Users"
WINDOWS Nov 2 2006 "Windows"
yserver.txt Jun 6 2007 152 "YServer.txt"

37 items found: 16 files (6 H/S), 21 directories (7 H/S).
Total of file sizes: 4,589,189,129 bytes 4.27 G

--------------------------------------------------------------------------
Locating all Backup files on C:
--------------------------------------------------------------------------

Locating all *.BAK* files

"C:\"
bootsect.bak Jan 14 2007 8192 "BOOTSECT.BAK"

"C:\ProgramData\Symantec\Common Client\"
settings.bak Sep 26 2009 32411716 "settings.bak"

"C:\ProgramData\Symantec\IDS\"
idssettg.bak Jul 20 2009 5860 "IDSSettg.BAK"

"C:\ProgramData\Symantec\SymNetDrv\"
firewall.bak Feb 11 2009 57964 "Firewall.BAK"
persist.bak Sep 26 2009 14836 "Persist.BAK"

"C:\Windows\Debug\UserMode\"
chkacc.bak Sep 26 2009 0 "ChkAcc.bak"

"C:\ProgramData\Microsoft\OFFICE\DATA\"
opa12.bak Oct 17 2002 8200 "OPA12.BAK"

"C:\Users\All Users\Symantec\Common Client\"
settings.bak Sep 26 2009 32411716 "settings.bak"

"C:\Users\All Users\Symantec\IDS\"
idssettg.bak Jul 20 2009 5860 "IDSSettg.BAK"

"C:\Users\All Users\Symantec\SymNetDrv\"
firewall.bak Feb 11 2009 57964 "Firewall.BAK"
persist.bak Sep 26 2009 14836 "Persist.BAK"

"C:\Users\All Users\Microsoft\OFFICE\DATA\"
opa12.bak Oct 17 2002 8200 "OPA12.BAK"

"C:\Users\MeEiLaH\AppData\Roaming\LimeWire\"
fileurns.bak Jan 11 2008 704 "fileurns.bak"

"C:\Users\MeEiLaH\Documents\LimeWire\Incomplete\"
downlo~1.bak Jun 13 2009 7944 "downloads.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft\Internet Explorer\"
brndlog.bak Apr 17 2009 12765 "brndlog.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Hearts\"
hearts~1.bak Jul 11 2007 103098 "HeartsSettings.xml.bak"
window~1.bak Jul 11 2007 522 "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Minesweeper\"
minesw~1.bak Jul 26 2007 124813 "MinesweeperSettings.xml.bak"
window~1.bak Jun 16 2007 522 "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Purble Place\"
comfyc~1.bak Aug 8 2007 118903 "ComfyCakesScoresAndSettings.xml.bak"
concen~1.bak Jun 16 2007 97701 "ConcentrationScoresAndSettings.xml.bak"
purble~1.bak Jul 12 2007 93561 "PurbleShopScoresAndSettings.xml.bak"
purble~2.bak Aug 8 2007 111913 "PurblePlaceSettings.xml.bak"
window~1.bak Aug 8 2007 522 "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Solitaire\"
solita~1.bak Jul 24 2007 96505 "SolitaireSettings.xml.bak"
window~1.bak Jul 24 2007 522 "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Roaming\LimeWire\.AppSpecialShare\"
winzip~1.bak Mar 11 2008 3315 "WinZip v.11.1 With Keygen.torrent.bak"

"C:\Users\MeEiLaH\AppData\Roaming\Mozilla\Firefox\Profiles\9iofit85.default\"
bookma~1.bak Aug 2 2008 351611 "bookmarks.bak"
sessio~1.bak Sep 27 2009 59856 "sessionstore.bak"

29 items found: 29 files (1 H/S), 0 directories.
Total of file sizes: 66,190,121 bytes 63.12 M -------------------------------------------------------------------------- Locating all copies of Internet Explorer on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\Program Files\Internet Explorer\" iexplore.exe Jul 18 2009 634648 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\" iexplore.exe Jul 18 2009 634648 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\" iexplore.exe Mar 2 2009 636072 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\" iexplore.exe Aug 15 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\" iexplore.exe Mar 2 2009 636072 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\" iexplore.exe Aug 15 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\" iexplore.exe Mar 2 2009 636072 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\" iexplore.exe Oct 15 2008 634024 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\" iexplore.exe Mar 2 2009 636072 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\" iexplore.exe Apr 24 2009 634648 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\" iexplore.exe Jul 18 2009 634648 
"iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\" iexplore.exe Jan 14 2009 634024 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\" iexplore.exe Oct 1 2008 633632 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\" iexplore.exe Jun 26 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\" iexplore.exe Apr 24 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\" iexplore.exe Apr 24 2009 634648 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\" iexplore.exe Dec 12 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\" iexplore.exe Feb 21 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\" iexplore.exe Feb 20 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\" iexplore.exe Oct 11 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\" iexplore.exe Feb 13 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\" iexplore.exe Jan 14 2009 634024 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\" iexplore.exe Jul 18 2009 634648 "iexplore.exe" 
"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\" iexplore.exe Apr 24 2009 634632 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\" iexplore.exe Dec 12 2007 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\" iexplore.exe Apr 24 2009 634648 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\" iexplore.exe Feb 13 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\" iexplore.exe Nov 2 2006 623616 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\" iexplore.exe Oct 15 2008 634024 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f011d0e0526\" iexplore.exe Jun 13 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\" iexplore.exe Jun 26 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\" iexplore.exe Oct 1 2008 633632 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\" iexplore.exe Apr 24 2008 625664 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1dbe03633c0e1\" iexplore.exe Jun 13 2007 625152 "iexplore.exe" "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\" iexplore.exe Jul 18 2009 634648 "iexplore.exe" 
"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\" iexplore.exe Oct 11 2007 625152 "iexplore.exe" "C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\" iexplore.exe Jan 19 2008 625664 "iexplore.exe" 37 items found: 37 files, 0 directories. Total of file sizes: 23,315,784 bytes 22.23 M -------------------------------------------------------------------------- Locating all copies of beep.sy_ on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer No matches found. -------------------------------------------------------------------------- Locating all copies of beep.sys on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\Windows\System32\drivers\" beep.sys Nov 2 2006 6144 "beep.sys" "C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\" beep.sys Nov 2 2006 6144 "beep.sys" "C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\" beep.sys Jan 18 2008 6144 "beep.sys" 3 items found: 3 files, 0 directories. 
Total of file sizes: 18,432 bytes 18.00 K -------------------------------------------------------------------------- Locating all copies of Windows Explorer on C: -------------------------------------------------------------------------- Locating all copies of Windows Explorer "C:\Windows\" explorer.exe Oct 28 2008 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\" explorer.exe Nov 14 2007 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\" explorer.exe Oct 27 2008 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\" explorer.exe Nov 2 2006 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\" explorer.exe Oct 28 2008 2927104 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\" explorer.exe Nov 14 2007 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\" explorer.exe Oct 28 2008 2923520 "explorer.exe" "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\" explorer.exe Oct 29 2008 2927616 "explorer.exe" "C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\" explorer.exe Jan 19 2008 2927104 "explorer.exe" 9 items found: 9 files, 0 directories. 
Total of file sizes: 26,322,944 bytes 25.10 M -------------------------------------------------------------------------- Items in C:\Users: -------------------------------------------------------------------------- Listing contents of C:\Users "C:\Users\" ALLUSE~1 Nov 2 2006 "All Users" DEFAULT Nov 2 2006 "Default" DEFAUL~1 Nov 2 2006 "Default User" desktop.ini Dec 10 2008 174 "desktop.ini" MEEILAH May 8 2007 "MeEiLaH" PUBLIC Nov 2 2006 "Public" 6 items found: 1 file (1 H/S), 5 directories (3 H/S). Total of file sizes: 174 bytes 0.17 K -------------------------------------------------------------------------- Items in C:\Users\MeEiLaH\AppData: -------------------------------------------------------------------------- Listing contents of C:\Users\MeEiLaH\AppData No matches found. -------------------------------------------------------------------------- Desktop Items: -------------------------------------------------------------------------- Locating all files created in C:\Users\MeEiLaH\Desktop within the last 90 days. "C:\Users\MeEiLaH\Desktop\" a2hija~1.exe Oct 2 2009 1760112 "a2HiJackFreeSetup.exe" atf-cl~1.exe Oct 2 2009 50688 "ATF-Cleaner.exe" atf_cl~1.htm Oct 2 2009 57484 "ATF_Cleaner_d4949.html" downlo~1.htm Oct 2 2009 57400 "download4709.html" explor~1.exe Oct 2 2009 420137 "explorerxpsetup.exe" explor~1.htm Oct 2 2009 57709 "ExplorerXP_d4201.html" explor~1.lnk Oct 2 2009 1706 "ExplorerXP.lnk" iseeyo~1.exe Oct 2 2009 1106604 "ISeeYouXP.exe" iseeyo~1.lnk Oct 2 2009 574 "ISeeYouXP.lnk" object~1.lnk Sep 13 2009 1690 "Object Fix Zip.lnk" silver~1.exe Jul 30 2009 4928376 "Silverlight.exe" virusr~1.doc Oct 2 2009 86016 "virus removal instructions.doc" ~$rusr~1.doc Oct 2 2009 162 "~$rus removal instructions.doc" 13 items found: 13 files (1 H/S), 0 directories. Total of file sizes: 8,528,658 bytes 8.13 M Locating all files created in C:\Users\Public\Desktop within the last 90 days. 
"C:\Users\Public\Desktop\" a-squa~1.lnk Oct 2 2009 774 "a-squared Free.lnk" a-squa~2.lnk Oct 2 2009 836 "a-squared HiJackFree.lnk" 2 items found: 2 files, 0 directories. Total of file sizes: 1,610 bytes 1.57 K -------------------------------------------------------------------------- Start Menu Items: -------------------------------------------------------------------------- Locating all files created in "C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu" within the last 90 days. No matches found. Locating all files created in "C:\ProgramData\Microsoft\Windows\Start Menu" within the last 90 days. "C:\ProgramData\Microsoft\Windows\Start Menu\" desktop.ini Oct 1 2009 442 "desktop.ini" window~1.lnk Oct 1 2009 1661 "Windows Update.lnk" 2 items found: 2 files (1 H/S), 0 directories. Total of file sizes: 2,103 bytes 2.05 K -------------------------------------------------------------------------- C:\Users\MeEiLaH\AppData\Local\Temp : -------------------------------------------------------------------------- Locating all files created in C:\Users\MeEiLaH\AppData\Local\Temp within the last 90 days. 
"C:\Users\MeEiLaH\AppData\Local\Temp\" 5201sc~1.pdf Sep 2 2009 5080 "5201 Scoring Sheet _T & E Eval Guide 9-01-02.pdf" acvolt~1.pdf Sep 13 2009 878745 "ACVoltage.pdf" ac_mac~1.pdf Sep 13 2009 1166486 "AC_Machines.pdf" amarpa~1.doc Aug 2 2009 59904 "AmarPaSingh-Resume[1].doc" cec_2007.pdf Aug 8 2009 2296905 "CEC_2007.pdf" cec_20~1.pdf Sep 13 2009 2296905 "CEC_2007-1.pdf" chapt3~1.pdf Sep 13 2009 682498 "Chapt34_000.pdf" chapte~1.pdf Sep 13 2009 863612 "Chapter 43-Meas Inst.pdf" coverl~1.doc Sep 27 2009 26112 "Cover letter.doc" dcvolt~1.pdf Sep 13 2009 128774 "DCVoltage.pdf" dc_mac~1.pdf Sep 13 2009 699256 "DC_Machines.pdf" demand~1.pdf Sep 13 2009 181886 "Demand and Energy Management Calculations.pdf" EDATAS~1 Oct 2 2009 "eDatasecurity" et0d62~1 Aug 26 2009 1024 "etilqs_zWHc1e2bqkYCIsvmscFe" et0e5a~1 Aug 28 2009 0 "etilqs_I5sEkCYfmZx4Hvvn7PvF" et0f99~1 Aug 8 2009 0 "etilqs_LOWVnoyTxlfUmlEEgYjN" et14b4~1 Jul 28 2009 0 "etilqs_sXpSu6UzSlFcOoE8E4V9" et1ec6~1 Aug 13 2009 0 "etilqs_fUfaiMeS2OOLCH8fKOLy" et1f0e~1 Jul 29 2009 516 "etilqs_1gzsiZZmMiBFrP2o6FX8" et21a2~1 Aug 24 2009 0 "etilqs_OmwsDQeC2j8aUcOn7vU9" et23ab~1 Aug 13 2009 0 "etilqs_AsRB0o3akFJ4PE5oNnbb" et2434~1 Jul 10 2009 1024 "etilqs_caFtkKAThZ1IReNUPiBB" et261c~1 Aug 26 2009 1544 "etilqs_UC2jXhQOqJzsZLxU8tcY" et293e~1 Jul 31 2009 0 "etilqs_hsIgqXawgClDVflfImes" et4958~1 Sep 6 2009 1024 "etilqs_LRI8CopsYDLj8fa3v4Oq" et5d45~1 Sep 26 2009 0 "etilqs_3VUIulGL8vqi7Pn0yEiN" et7341~1 Jul 24 2009 28704 "etilqs_dF1U1PZkpZJYsdvCCGpK" et763b~1 Sep 6 2009 1544 "etilqs_y8qvsI6zcMizOM9iAGBi" et7c24~1 Aug 5 2009 1024 "etilqs_8JJSmtCyidswTGKWJgyT" et8105~1 Jul 23 2009 28704 "etilqs_1RTvWr57R8fqpIFMxDNf" et83b7~1 Aug 10 2009 0 "etilqs_fc3EWohuBJ7It5tQWoah" et895f~1 Sep 2 2009 0 "etilqs_wfek620g6395hKNoTI4w" et8c87~1 Oct 2 2009 0 "etilqs_VKyz1oKrfs5emERoC9Jb" et964a~1 Sep 8 2009 0 "etilqs_ptfDMgD6WlVuwj1RsXl9" et967a~1 Aug 16 2009 0 "etilqs_dc58ImPHMEXOqyLVyfTW" et9742~1 Aug 20 2009 0 "etilqs_0FVQq1xJjgTAvGl0seYC" et9d51~1 Jul 
10 2009 1544 "etilqs_X0xMiXM430XAvY2jv0JA" eta350~1 Aug 5 2009 1544 "etilqs_n84oNwhprSGkYlgpYt8I" eta673~1 Jul 15 2009 28704 "etilqs_5jbr6OkUF5WYquDfuF0y" etad39~1 Jul 29 2009 0 "etilqs_CbbbGvcf902F77xRCoYW" etc73c~1 Jul 15 2009 28704 "etilqs_4ht4czhmTlDBcgQKNYhV" etcf0b~1 Jul 8 2009 36900 "etilqs_qbfHQcwNHpeXYrswidCz" etd45d~1 Sep 11 2009 0 "etilqs_zgwClT2e2jpf4snwIJeY" etd588~1 Sep 9 2009 0 "etilqs_PgcS0mHeT3ryPvngPYIu" etdbec~1 Aug 4 2009 0 "etilqs_oKd52jZzjgsvD29yhQfx" etde72~1 Aug 8 2009 516 "etilqs_eJjTqsGVg665narHiOft" etdfaa~1 Aug 8 2009 0 "etilqs_fD0pYyYsduPYL5UFlDl1" ete94d~1 Jul 18 2009 36900 "etilqs_o841heGbF39p9C4h3Pyz" etea6c~1 Jul 19 2009 28704 "etilqs_5AUj0vdErkiNwgczYGWm" etf11a~1 Aug 19 2009 0 "etilqs_O6vdsGcK7taJReiP1xeF" etf567~1 Jul 16 2009 12304 "etilqs_mYbQGIgKzd5fYQgrDIW1" etfc29~1 Aug 8 2009 0 "etilqs_QrHwhlqlUcNai5jmBvlh" etfd98~1 Aug 29 2009 0 "etilqs_IBo6Aenay0JuGySwh1XR" flyerc~1.png Sep 13 2009 90331 "FLYER copy56.png" homewo~1.doc Sep 13 2009 83456 "Homework.Professional_Engineeing_Institute.doc" image005.jpg Sep 13 2009 83481 "image005.jpg" inourt~1.ram Sep 16 2009 156 "inourtime_20070517.ram" inv_23~1.pdf Jul 12 2009 67605 "Inv_2345_from_Irvine_Instit.pdf" inv_23~2.pdf Jul 15 2009 71142 "Inv_2344_from_Irvine_Instit.pdf" is3741~1.doc Sep 18 2009 246784 "IS 3741_BLOG ENTRY 1 revised FINAL.doc" lightn~1.pdf Sep 13 2009 903619 "Lightning.pdf" linear~1.pdf Sep 13 2009 760252 "LinearCirAnalysis.pdf" math_p~1.pdf Sep 13 2009 1031451 "MATH_Part1.pdf" math_p~2.pdf Sep 13 2009 1113249 "MATH_Part2.pdf" math_p~3.pdf Sep 13 2009 258100 "MATH_Part3.pdf" nec_re~1.pdf Sep 13 2009 779433 "NEC_Review.pdf" resume-2.doc Aug 1 2009 40448 "RESUME-2.doc" resume-3.doc Sep 27 2009 30208 "Resume-3.doc" resume~1.doc Aug 1 2009 15038 "Resume Coverletter.docx" short_~1.pdf Sep 13 2009 768822 "Short_Circuit.pdf" transf~1.pdf Aug 8 2009 690774 "Transformers.pdf" transf~2.pdf Aug 8 2009 690774 "Transformers-1.pdf" transf~3.pdf Sep 13 2009 690774 
"Transformers-2.pdf" transf~4.pdf Sep 13 2009 690774 "Transformers-3.pdf" transl~1.pdf Sep 13 2009 976164 "TransLines.pdf" ~df54ac.tmp Oct 2 2009 512 "~DF54AC.tmp" 76 items found: 75 files (40 H/S), 1 directory. Total of file sizes: 19,610,438 bytes 18.70 M -------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Templates No matches found. -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Program Files\ within the last 90 days. "C:\Program Files\" A-SQUA~1 Oct 2 2009 "a-squared Free" A-SQUA~2 Oct 2 2009 "a-squared HiJackFree" A-SQUA~1 Oct 2 2009 "a-squared Free" A-SQUA~2 Oct 2 2009 "a-squared HiJackFree" EXPLOR~1 Oct 2 2009 "ExplorerXP" MI2020~1 Jul 30 2009 "Microsoft Silverlight" OBJECT~1 Sep 13 2009 "Object Fix Zip" WINDOW~1 Oct 2 2009 "Windows Mail" 8 items found: 0 files, 8 directories. Locating all files created in C:\Program Files\Common Files\ within the last 90 days. No matches found. Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days. No matches found. -------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\Windows\ within the last 90 days. "C:\Windows\" bootstat.dat Oct 1 2009 67584 "bootstat.dat" ocsetu~2.dpx Aug 15 2009 65536 "ocsetup_cbs_install_NetFx3.dpx" ocsetu~2.etl Aug 15 2009 43712512 "ocsetup_install_NetFx3.etl" ocsetu~2.per Aug 15 2009 131072 "ocsetup_cbs_install_NetFx3.perf" window~1.log Oct 1 2009 1235909 "WindowsUpdate.log" 5 items found: 5 files (1 H/S), 0 directories. 
Total of file sizes: 45,212,613 bytes 43.12 M -------------------------------------------------------------------------- C:\Windows\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Windows\Downloaded Program Files\ within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Windows\system: -------------------------------------------------------------------------- Locating all files created in C:\Windows\system within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Windows\system32: -------------------------------------------------------------------------- Locating all files created in C:\Windows\system32 within the last 90 days. "C:\Windows\System32\" 7b296f~1.c74 Oct 2 2009 3072 "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" 7b296f~1.c74 Oct 2 2009 3072 "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" 7b296f~2.c74 Oct 2 2009 3072 "7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" admparse.dll Jul 18 2009 72704 "admparse.dll" advpack.dll Jul 18 2009 124928 "advpack.dll" amcompat.tlb Jul 14 2009 18432 "amcompat.tlb" apphlpdm.dll Aug 28 2009 28672 "Apphlpdm.dll" arp.exe Aug 14 2009 19968 "ARP.EXE" atl.dll Jul 17 2009 71680 "atl.dll" dxmasf.dll Jul 14 2009 4096 "dxmasf.dll" dxtmsft.dll Jul 18 2009 347136 "dxtmsft.dll" dxtrans.dll Jul 18 2009 214528 "dxtrans.dll" finger.exe Aug 14 2009 10240 "finger.exe" fntcache.dat Jul 15 2009 371376 "FNTCACHE.DAT" gameux.dll Aug 28 2009 1686528 "gameux.dll" hostname.exe Aug 14 2009 8704 "HOSTNAME.EXE" html.iec Jul 18 2009 389120 "html.iec" icardie.dll Jul 18 2009 63488 "icardie.dll" ie4uinit.exe Jul 18 2009 70656 "ie4uinit.exe" ieaksie.dll Jul 18 2009 230400 "ieaksie.dll" ieakui.dll Jul 18 2009 161792 "ieakui.dll" ieapfltr.dll Jul 
18 2009 380928 "ieapfltr.dll" iedkcs32.dll Jul 18 2009 385024 "iedkcs32.dll" ieencode.dll Jul 18 2009 78336 "ieencode.dll" ieframe.dll Jul 18 2009 6067200 "ieframe.dll" iernonce.dll Jul 18 2009 44544 "iernonce.dll" iertutil.dll Jul 18 2009 268288 "iertutil.dll" iesetup.dll Jul 18 2009 56320 "iesetup.dll" ieui.dll Jul 18 2009 180736 "ieui.dll" ieunatt.exe Jul 18 2009 26624 "ieUnatt.exe" inetcpl.cpl Jul 18 2009 1830912 "inetcpl.cpl" jsproxy.dll Jul 18 2009 27648 "jsproxy.dll" l2sechc.dll Jul 11 2009 123904 "L2SecHC.dll" mrinfo.exe Aug 14 2009 11264 "MRINFO.EXE" msdxm.ocx Jul 14 2009 4096 "msdxm.ocx" msdxm.tlb Jul 14 2009 43520 "msdxm.tlb" msfeeds.dll Jul 18 2009 459264 "msfeeds.dll" mshtml.dll Jul 18 2009 3597824 "mshtml.dll" mshtml.tlb Jul 18 2009 1383424 "mshtml.tlb" mshtmled.dll Jul 18 2009 477696 "mshtmled.dll" mshtmler.dll Jul 18 2009 48128 "mshtmler.dll" mstime.dll Jul 18 2009 671232 "mstime.dll" netevent.dll Aug 14 2009 15360 "netevent.dll" netiohlp.dll Aug 14 2009 103936 "netiohlp.dll" netiougc.exe Aug 14 2009 22016 "netiougc.exe" netstat.exe Aug 14 2009 27136 "NETSTAT.EXE" occache.dll Jul 18 2009 102912 "occache.dll" perfc009.dat Sep 26 2009 104024 "perfc009.dat" perfh009.dat Sep 26 2009 618648 "perfh009.dat" perfst~1.ini Sep 26 2009 716948 "PerfStringBackup.INI" pngfilt.dll Jul 18 2009 44544 "pngfilt.dll" route.exe Aug 14 2009 17920 "ROUTE.EXE" spwmp.dll Jul 14 2009 7680 "spwmp.dll" tcpipcfg.dll Aug 14 2009 167424 "tcpipcfg.dll" tcpsvcs.exe Aug 14 2009 9728 "TCPSVCS.EXE" urlmon.dll Jul 18 2009 1159680 "urlmon.dll" wininet.dll Jul 18 2009 827392 "wininet.dll" wlan.tmf Jul 11 2009 1657350 "wlan.tmf" wlanapi.dll Jul 11 2009 47104 "wlanapi.dll" wlanhlp.dll Jul 11 2009 67584 "wlanhlp.dll" wlanmsm.dll Jul 11 2009 290816 "wlanmsm.dll" wlansec.dll Jul 11 2009 297984 "wlansec.dll" wlansvc.dll Jul 11 2009 502272 "wlansvc.dll" wmp.dll Jul 14 2009 10621952 "wmp.dll" wmpdxm.dll Jul 14 2009 313344 "wmpdxm.dll" wmploc.dll Jul 14 2009 8147968 "wmploc.DLL" wuapp.exe Aug 6 
2009 33792 "wuapp.exe" wuauclt.exe Aug 6 2009 53472 "wuauclt.exe" wuaueng.dll Aug 6 2009 1929952 "wuaueng.dll" wucltux.dll Aug 6 2009 2421760 "wucltux.dll" wups2.dll Aug 6 2009 44768 "wups2.dll" wuwebv.dll Aug 6 2009 171608 "wuwebv.dll" 72 items found: 72 files (3 H/S), 0 directories. Total of file sizes: 50,617,650 bytes 48.27 M -------------------------------------------------------------------------- C:\Windows\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\Windows\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Windows\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\Windows\system32\drivers within the last 90 days. "C:\Windows\System32\drivers\" netio.sys Aug 14 2009 213592 "netio.sys" tcpip.sys Aug 14 2009 813568 "tcpip.sys" 2 items found: 2 files, 0 directories. Total of file sizes: 1,027,160 bytes 1,003.09 K -------------------------------------------------------------------------- C:\Windows\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\Windows\system32\drivers\etc within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Windows\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\Windows\TEMP within the last 90 days. No matches found. ************************************************************************************ Checking for .COM files to Delete. They will only print if deleted! 
Locating .COM files in the C:\Windows\System32 folder "C:\Windows\System32\" chcp.com Nov 2 2006 11776 "chcp.com" command.com Nov 2 2006 50648 "COMMAND.COM" diskcomp.com Nov 2 2006 13824 "diskcomp.com" diskcopy.com Nov 2 2006 11264 "diskcopy.com" edit.com Sep 18 2006 69886 "edit.com" format.com Nov 2 2006 35328 "format.com" graftabl.com Nov 2 2006 56320 "graftabl.com" graphics.com Nov 2 2006 19694 "GRAPHICS.COM" kb16.com Nov 2 2006 14710 "KB16.COM" loadfix.com Nov 2 2006 1131 "LOADFIX.COM" mode.com Nov 2 2006 25088 "mode.com" more.com Nov 2 2006 20992 "more.com" tree.com Nov 2 2006 16384 "tree.com" win.com Nov 2 2006 6656 "win.com" 14 items found: 14 files, 0 directories. Total of file sizes: 353,701 bytes 345.41 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! 
**** **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! **** **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! 
**** **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! **** **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! 
**** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! 
****
--------------------------------------------------------------------------
CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
--------------------------------------------------------------------------
**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****
**** CmdService adware NOT FOUND by this tool! ****
**** Network_Monitor adware NOT FOUND by this tool! ****
**** Trojan.Peacomm NOT FOUND by this tool! ****
**** Trojan.Peacomm windev NOT FOUND by this tool! ****
**** AVPE Haxdoor NOT FOUND by this tool! ****
**** MEMLOW Haxdoor NOT FOUND by this tool! ****
**** VDMT Haxdoor NOT FOUND by this tool! ****
**** YCSVGA Haxdoor NOT FOUND by this tool! ****
**** PPTP Haxdoor FOUND by this tool! **** CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport

HKEY_LOCAL_MACHINE\system\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
AllowPPTPWeakCrypto REG_DWORD 0 (0x0)
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|

HKEY_LOCAL_MACHINE\system\ControlSet003\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
AllowPPTPWeakCrypto REG_DWORD 0 (0x0)
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
AllowPPTPWeakCrypto REG_DWORD 0 (0x0)
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|
DisableStatefulPPTP REG_DWORD 0 (0x0)
RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|
RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|

**** DVB Haxdoor NOT FOUND by this tool! ****
**** YVBB Haxdoor NOT FOUND by this tool! ****
**** YVPP Haxdoor NOT FOUND by this tool! ****
**** NKGFS Haxdoor NOT FOUND by this tool!
**** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! **** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ 2007 Microsoft Office Suite Service Pack 1 (SP1) DisplayName REG_SZ a-squared Free 4.5 DisplayName REG_SZ a-squared HiJackFree 3.1 DisplayName REG_SZ Acer Arcade DisplayName REG_SZ Acer Assist DisplayName REG_SZ Acer eDataSecurity Management 
DisplayName REG_SZ Acer eLock Management DisplayName REG_SZ Acer Empowering Technology DisplayName REG_SZ Acer eNet Management DisplayName REG_SZ Acer ePower Management DisplayName REG_SZ Acer ePresentation Management DisplayName REG_SZ Acer eSettings Management DisplayName REG_SZ Acer GridVista DisplayName REG_SZ Acer Mobility Center Plug-In DisplayName REG_SZ Acer Registration DisplayName REG_SZ Acer ScreenSaver DisplayName REG_SZ Acer Tour DisplayName REG_SZ Adobe Flash Player 10 ActiveX DisplayName REG_SZ Adobe Flash Player Plugin DisplayName REG_SZ Adobe Photoshop 7.0 DisplayName REG_SZ Adobe Reader 7.1.0 DisplayName REG_SZ Agere Systems HDA Modem DisplayName REG_SZ AIM 6 DisplayName REG_SZ AIM Toolbar 5.0 DisplayName REG_SZ AppCore DisplayName REG_SZ Apple Mobile Device Support DisplayName REG_SZ Apple Software Update DisplayName REG_SZ Ares Tube 3.0 DisplayName REG_SZ Autodesk Student Community Download Tool DisplayName REG_SZ AV DisplayName REG_SZ AVS Update Manager 1.0 DisplayName REG_SZ AVS Video Converter 6 DisplayName REG_SZ AVS4YOU Software Navigator 1.3 DisplayName REG_SZ BitTorrent 5.0.7 DisplayName REG_SZ Bonjour DisplayName REG_SZ ccCommon DisplayName REG_SZ DivX Web Player DisplayName REG_SZ doPDF 6.2 printer DisplayName REG_SZ Dynex 1.3MP Webcam Driver (1.00.03.0000) DisplayName REG_SZ Dynex Webcam User's Guide DisplayName REG_SZ ExplorerXP (remove only) DisplayName REG_SZ Google Earth DisplayName REG_SZ Google SketchUp 6 DisplayName REG_SZ Google SketchUp 6 DisplayName REG_SZ Google Toolbar for Internet Explorer DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) DisplayName REG_SZ Intel(R) Graphics Media Accelerator Driver DisplayName REG_SZ iPod for Windows 2005-03-23 DisplayName REG_SZ iPod for Windows 2005-03-23 DisplayName REG_SZ iTunes DisplayName REG_SZ Java(TM) SE Runtime Environment 6 Update 1 DisplayName REG_SZ Launch Manager DisplayName 
REG_SZ LightScribe 1.4.136.1 DisplayName REG_SZ LimeWire 4.16.6 DisplayName REG_SZ Live! Cam Center DisplayName REG_SZ LiveUpdate 3.2 (Symantec Corporation) DisplayName REG_SZ LiveUpdate Notice (Symantec Corporation) DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1 DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1 DisplayName REG_SZ Microsoft Office Access MUI (English) 2007 DisplayName REG_SZ Microsoft Office Access Setup Metadata MUI (English) 2007 DisplayName REG_SZ Microsoft Office Enterprise 2007 DisplayName REG_SZ Microsoft Office Enterprise 2007 DisplayName REG_SZ Microsoft Office Excel MUI (English) 2007 DisplayName REG_SZ Microsoft Office Groove MUI (English) 2007 DisplayName REG_SZ Microsoft Office Groove Setup Metadata MUI (English) 2007 DisplayName REG_SZ Microsoft Office InfoPath MUI (English) 2007 DisplayName REG_SZ Microsoft Office OneNote MUI (English) 2007 DisplayName REG_SZ Microsoft Office Outlook MUI (English) 2007 DisplayName REG_SZ Microsoft Office PowerPoint MUI (English) 2007 DisplayName REG_SZ Microsoft Office Proof (English) 2007 DisplayName REG_SZ Microsoft Office Proof (French) 2007 DisplayName REG_SZ Microsoft Office Proof (Spanish) 2007 DisplayName REG_SZ Microsoft Office Proofing (English) 2007 DisplayName REG_SZ Microsoft Office Publisher MUI (English) 2007 DisplayName REG_SZ Microsoft Office Shared MUI (English) 2007 DisplayName REG_SZ Microsoft Office Shared Setup Metadata MUI (English) 2007 DisplayName REG_SZ Microsoft Office Word MUI (English) 2007 DisplayName REG_SZ Microsoft Silverlight DisplayName REG_SZ Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable DisplayName REG_SZ MobileMe Control Panel DisplayName REG_SZ Mozilla Firefox (3.0.14) DisplayName REG_SZ MSRedist DisplayName REG_SZ MSXML 4.0 SP2 (KB927978) DisplayName REG_SZ MSXML 4.0 SP2 (KB936181) DisplayName REG_SZ MSXML 4.0 SP2 (KB941833) DisplayName REG_SZ MSXML 4.0 SP2 (KB954430) 
DisplayName REG_SZ MyPDFCreator DisplayName REG_SZ MySpaceIM DisplayName REG_SZ Norton AntiVirus DisplayName REG_SZ Norton Confidential Browser Component DisplayName REG_SZ Norton Confidential Web Protection Component DisplayName REG_SZ Norton Internet Security DisplayName REG_SZ Norton Internet Security DisplayName REG_SZ Norton Internet Security DisplayName REG_SZ Norton Internet Security DisplayName REG_SZ Norton Internet Security (Symantec Corporation) DisplayName REG_SZ Norton Protection Center DisplayName REG_SZ NTI Backup NOW! 4.7 DisplayName REG_SZ NTI CD & DVD-Maker DisplayName REG_SZ NTI CD & DVD-Maker DisplayName REG_SZ Object Fix Zip DisplayName REG_SZ Picasa 2 DisplayName REG_SZ PLAYSTATION(R)Network Downloader DisplayName REG_SZ QuickTime DisplayName REG_SZ Realtek High Definition Audio Driver DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB951550) DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB951944) DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB969559) DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB969679) DisplayName REG_SZ Security Update for CAPICOM (KB931906) DisplayName REG_SZ Security Update for CAPICOM (KB931906) DisplayName REG_SZ Security Update for Microsoft Office Excel 2007 (KB969682) DisplayName REG_SZ Security Update for Microsoft Office OneNote 2007 (KB950130) DisplayName REG_SZ Security Update for Microsoft Office PowerPoint 2007 (KB957789) DisplayName REG_SZ Security Update for Microsoft Office Publisher 2007 (KB969693) DisplayName REG_SZ Security Update for Microsoft Office system 2007 (KB954326) DisplayName REG_SZ Security Update for Microsoft Office system 2007 (KB969613) DisplayName REG_SZ Security Update for Microsoft Office Word 2007 (KB969604) DisplayName REG_SZ Security Update for Visio 2007 (KB947590) DisplayName REG_SZ SPBBC 32bit DisplayName REG_SZ Symantec Real Time Storage Protection Component DisplayName REG_SZ SymNet 
DisplayName REG_SZ Synaptics Pointing Device Driver DisplayName REG_SZ Texas Instruments PCIxx21/x515/xx12 drivers. DisplayName REG_SZ TIPCI DisplayName REG_SZ Update for 2007 Microsoft Office System (KB967642) DisplayName REG_SZ Update for Microsoft .NET Framework 3.5 SP1 (KB963707) DisplayName REG_SZ Update for Microsoft Office 2007 Help for Common Features (KB963673) DisplayName REG_SZ Update for Microsoft Office Access 2007 Help (KB963663) DisplayName REG_SZ Update for Microsoft Office Excel 2007 Help (KB963678) DisplayName REG_SZ Update for Microsoft Office Infopath 2007 Help (KB963662) DisplayName REG_SZ Update for Microsoft Office OneNote 2007 Help (KB963670) DisplayName REG_SZ Update for Microsoft Office Outlook 2007 (KB969907) DisplayName REG_SZ Update for Microsoft Office Outlook 2007 Help (KB963677) DisplayName REG_SZ Update for Microsoft Office Powerpoint 2007 Help (KB963669) DisplayName REG_SZ Update for Microsoft Office Publisher 2007 Help (KB963667) DisplayName REG_SZ Update for Microsoft Office Script Editor Help (KB963671) DisplayName REG_SZ Update for Microsoft Office Word 2007 Help (KB963665) DisplayName REG_SZ Update for Outlook 2007 Junk Email Filter (kb973514) DisplayName REG_SZ VideoLAN VLC media player 0.8.6b DisplayName REG_SZ Viewpoint Media Player DisplayName REG_SZ Windows Media Player Firefox Plugin DisplayName REG_SZ WinZip 11.1 DisplayName REG_SZ Xvid 1.1.3 final uninstall DisplayName REG_SZ Yahoo! Browser Services DisplayName REG_SZ Yahoo! IE Search Suggest DisplayName REG_SZ Yahoo! Install Manager DisplayName REG_SZ Yahoo! Internet Mail DisplayName REG_SZ Yahoo! Messenger DisplayName REG_SZ Yahoo! Toolbar DisplayName REG_SZ Yahoo! 
Toolbar ParentDisplayName REG_SZ CAPICOM ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1 ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1 ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office 
Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ParentDisplayName REG_SZ Microsoft Office Enterprise 2007 ##################################################################################################### -- All DONE! ~ ShadowPuterDude Logfile of HiJackFree v3.0 Scan saved at 11:30:30 PM, on 10/2/2009 Platform: Windows Vista32 (Windows NT 6.0.6000) MSIE: Internet Explorer v 7.0 (7.0.6000.16890) Running processes: C:\Windows\System32\smss.exe C:\Windows\System32\csrss.exe C:\Windows\System32\wininit.exe C:\Windows\System32\csrss.exe C:\Windows\System32\winlogon.exe C:\Windows\System32\services.exe C:\Windows\System32\lsass.exe C:\Windows\System32\lsm.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\SLsvc.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\svchost.exe C:\Windows\System32\dwm.exe C:\Windows\explorer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 
C:\Windows\System32\wpcumi.exe C:\Windows\V0500Mon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Users\MeEiLaH\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\System32\igfxext.exe C:\Windows\System32\igfxsrvc.exe C:\Windows\System32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Mobility Center\MobilityService.exe C:\Windows\System32\svchost.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe C:\Windows\System32\SearchIndexer.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\System32\wbem\unsecapp.exe C:\Windows\System32\taskeng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\wbem\unsecapp.exe C:\Windows\System32\taskeng.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Windows\System32\taskeng.exe C:\Windows\System32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\microsoft 
shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo!
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Acer Tour] O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [setPanel] O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [eRecoveryService] O4 - 
HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKLM\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKLM\..\Run: [inixs] C:\Windows\system32\minix32.exe O7 - Regedit - Enabled O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - c:\program files\aol\aim toolbar 5.0\resources\en-US\aoltbres.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\icons\services.ico,0 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBAR.ICO O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll O14 - IERESET.INF: SearchAssistant= O14 - IERESET.INF: CustomizeSearch= O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O20 - AppInit_DLLs: eNetHook.dll O20 - Winlogon Notify: igfxcui - igfxdev.dll O21 - ShellServiceObjectDelayLoad: WebCheck - O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio - C:\Windows\system32\agrsmsvc.exe O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe O23 - Service: Automatic LiveUpdate Scheduler - C:\Program 
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe O23 - Service: Symantec Event Manager - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe O23 - Service: CyberLink Background Capture Service (CBCS) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: CyberLink Task Scheduler (CTS) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe O23 - Service: CyberLink Media Library Service - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: DFSR - C:\Windows\system32\DFSR.exe O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe O23 - Service: eDataSecurity Service - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: ReadyBoost Service - C:\Windows\system32\svchost.exe O23 - Service: eNet 
Service - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe O23 - Service: EventSystem - C:\Windows\system32\svchost.exe O23 - Service: WS Discovery Service - C:\Windows\system32\svchost.exe O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HID Service - C:\Windows\system32\svchost.exe O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe O23 - Service: IKE extension - C:\Windows\system32\svchost.exe O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. 
- C:\Windows\System32\svchost.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Infrared Monitor - C:\Windows\system32\svchost.exe
O23 - Service: Symantec IS Password Validation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KeyIso - C:\Windows\system32\lsass.exe
O23 - Service: KtmRm - C:\Windows\System32\svchost.exe
O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe
O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Office Groove Audit Service - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: MobilityService - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe
O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe
O23 - Service: Windows® Installer International Messages - C:\Windows\system32\msiexec
O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe
O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe
O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Network Profile Management UI - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe
O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe
O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe
O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe
O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe
O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe
O23 - Service: Remote Access AutoDial Manager - C:\Windows\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\Windows\system32\svchost.exe
O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe
O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe
O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft® Windows Backup Service - C:\Windows\system32\svchost.exe
O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe
O23 - Service: Terminal Services Configuration service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Software Licensing Service - C:\Windows\system32\SLsvc.exe
O23 - Service: Software Licensing UI Notification Service - C:\Windows\system32\svchost.exe
O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe
O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft® Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe
O23 - Service: Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft® Windows Telephony Server - C:\Windows\System32\svchost.exe
O23 - Service: TBS Service - C:\Windows\System32\svchost.exe
O23 - Service: Terminal Server Remote Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe
O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe
O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe
O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe
O23 - Service: Viewpoint Manager Service - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Microsoft® Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe
O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe
O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe
O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe
O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe
O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe
O23 - Service: Resource Module - C:\Windows\System32\svchost.exe
O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe
O23 - Service: WMI - C:\Windows\system32\svchost.exe
O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: ePower Service - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: Windows Media Player Network Sharing Service - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe
O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe
O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe
[/code]