Don't click the exe

Trojan.Win32.Scar!IK


To Whom It May Concern:

Thank you for A-Squared software. I've always been infection free until today; I inadvertently double-clicked an .exe file from an untrusted source. I immediately did a 'face-palm' as I know better than to execute untrusted .exe files. Despite realizing that it was already too late, I tried unsuccessfully to delete the offending .exe file.

Windows error message:

Error message:

[2384]

C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe can not be deleted. Please consult the experts in the a-squared online forum for help with manual removal of this Malware:

I then knew that there was a problem. I googled "free online trojan remover" and found a-squared. I immediately installed a-squared and scanned the computer, and found one 'red urgent' file, which I immediately 'quarantined'.

I then came to the forum for guidance. I found and read the "pre-request cleaning steps" and saw the "do not quarantine" request. Sorry, I already did; hopefully you can still assist.

I feel like this is open heart surgery. I give you lots of credit. Is there anything you can do? Does a 'magic bullet' need to be engineered for each new trojan that has to be removed manually? Is there a silver bullet which will clean up many malicious trojans? What is my prognosis, Doctor? How bad can it be? How concerned should I be? I'll never again execute an odd .exe file... Please help. Is it unsafe to log into my online banking? Or did the trojan already find the sensitive data?

scan settings:
a-squared Free - Version 4.5
Last update: 10/2/2009 7:58:30 PM

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\Windows\, C:\Program Files
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	10/2/2009 8:00:12 PM

[2384] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe 	detected: Trojan.Win32.Scar!IK
[2408] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe 	detected: Trojan.Win32.Scar!IK

Scanned

Files: 	93357
Traces: 	543887
Cookies: 	2581
Processes: 	74

Found

Files: 	0
Traces: 	70
Cookies: 	158
Processes: 	2
Registry keys: 	0

Scan end:	10/2/2009 8:44:33 PM
Scan time:	0:44:21

[2384] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe	Quarantined Trojan.Win32.Scar!IK
[2408] C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe	Quarantined Trojan.Win32.Scar!IK

Quarantined

Files: 	0
Traces: 	0
Cookies: 	0
.........

.........

************************************************************************************  
                                  ISeeYouXP v2.0 Beta 14  

                 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude 
                 ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan 
------------------------------------------------------------------------------------  
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  **** 
  ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   **** 
************************************************************************************  

Windows/Browser/Java Versions: 

Microsoft® Windows Vista™ Home Basic 
Version:           6.0.6000
Service Pack:      0.0
Windows Directory: C:\Windows


Sun Microsystems Java Runtime 
Version: 1.6.0_01 

Boot State: Normal boot

Scan done at 23:23:09.22, Fri 10/02/2009 

------------------------------------------------------------------------------------  

ISeeYouXP installation folder and files 

"C:\ISeeYouXP\"
bootst~1.vbs  May 28 2007         359  "bootstate.vbs"
change.log    Jun  8 2008        5012  "change.log"
chodefix.bat  Apr 18 2007        5387  "chodefix.bat"
fixchode.reg  Apr 18 2007         528  "fixChode.reg"
fixexp~1.bat  Feb 24 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  Aug 12 2006        1478  "GetUnKeys.bat"
grep.exe      Dec 24 2004      160768  "grep.exe"
hideit.bat    Oct 17 2007        1072  "HideIT.bat"
ieinfo.vbs    May 28 2007         514  "ieinfo.vbs"
iesecu~1.bat  Oct 28 2007          72  "IESecurityZones.bat"
iesecu~1.vbs  Nov  8 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat  Jun  8 2008      211377  "ISeeYouXP.bat"
libico~1.dll  Mar 16 2004      898048  "libiconv2.dll"
libintl3.dll  Oct  9 2004      101888  "libintl3.dll"
locate.com    Jan 14 2005       11254  "locate.com"
md5sum.exe    Aug  5 2007       49152  "md5sum.exe"
msconf~1.bat  Feb 24 2007         578  "MSConfigFix.bat"
osinfo.vbs    May 28 2007         598  "osinfo.vbs"
pcbutts.txt   Mar 25 2007        5167  "PCBUTTS.TXT"
pcre.dll      Nov 14 2004      183313  "pcre.dll"
pv.exe        Mar  3 2006       73728  "pv.exe"
regedi~1.bat  Mar 30 2007         650  "RegEditFix.bat"
regfix.bat    Apr 18 2007         145  "Regfix.bat"
servic~1.vbs  May 28 2007         672  "servicesinfo.vbs"
showit.bat    Oct 17 2007        1013  "ShowIT.bat"
swreg.exe     Apr  5 2007      139776  "swreg.exe"
system~1.bat  Feb 28 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  Feb 24 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
  Total of file sizes:  1,856,092 bytes      1.77 M
              3 Dir(s)   3,623,321,600 bytes free

------------------------------------------------------------------------------------  

System Environment Variables  

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\MeEiLaH\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMILLA-PC
ComSpec=C:\Windows\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\MeEiLaH
LOCALAPPDATA=C:\Users\MeEiLaH\AppData\Local
LOGONSERVER=\\JAMILLA-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MeEiLaH\AppData\Local\Temp
TMP=C:\Users\MeEiLaH\AppData\Local\Temp
USERDOMAIN=Jamilla-PC
USERNAME=MeEiLaH
USERPROFILE=C:\Users\MeEiLaH
windir=C:\Windows

------------------------------------------------------------------------------------ 

Showing any Pocket Killbox backup files 

No matches found.

------------------------------------------------------------------------------------ 

Displaying BOOT.INI: 


------------------------------------------------------------------------------------ 

Displaying SYSTEM.INI: 

; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]

------------------------------------------------------------------------------------ 

Displaying WIN.INI: 

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo

------------------------------------------------------------------------------------ 

Displaying AUTOEXEC.BAT: 

REM Dummy file for NTVDM 
------------------------------------------------------------------------------------ 

Displaying CONFIG.SYS: 

FILES=40

------------------------------------------------------------------------------------ 

Displaying Running Processes: 

 PROCESS            PID  PRIO     PATH 
Dwm.exe              756 Normal   C:\Windows\system32\Dwm.exe 
Explorer.EXE         864 Normal   C:\Windows\Explorer.EXE 
SynTPEnh.exe        1308 Normal   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
RtHDVCpl.exe         972 Normal   C:\Windows\RtHDVCpl.exe 
hkcmd.exe           1080 Normal   C:\Windows\System32\hkcmd.exe 
igfxpers.exe        1856 Normal   C:\Windows\System32\igfxpers.exe 
eDSloader.exe       1944 Normal   C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 
QtZgAcer.EXE        2012 Normal   C:\Program Files\Launch Manager\QtZgAcer.EXE 
jusched.exe         1624 Normal   C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 
wpcumi.exe           424 Normal   C:\Windows\System32\wpcumi.exe 
V0500Mon.exe        1040 Normal   C:\Windows\V0500Mon.exe 
iTunesHelper.exe      420 Normal   C:\Program Files\iTunes\iTunesHelper.exe 
GoogleToolbarNotifier.exe     1772 Normal   C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe 
RtkBtMnt.exe        2396 Normal   C:\Users\MeEiLaH\AppData\Local\Temp\RtkBtMnt.exe 
igfxext.exe         2448 Normal   C:\Windows\system32\igfxext.exe 
igfxsrvc.exe        2476 Normal   C:\Windows\system32\igfxsrvc.exe 
taskeng.exe          948 Normal   C:\Windows\system32\taskeng.exe 
unsecapp.exe         472 Normal   C:\Windows\system32\wbem\unsecapp.exe 
wuauclt.exe         5164 Normal   C:\Windows\system32\wuauclt.exe 
firefox.exe         5824 Normal   C:\Program Files\Mozilla Firefox\firefox.exe 
WINWORD.EXE          212 Normal   C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 
a2free.exe          4036 Normal   C:\Program Files\a-squared Free\a2free.exe 
cmd.exe             5344 Normal   C:\Windows\system32\cmd.exe 
ntvdm.exe           5204 Normal   C:\Windows\system32\ntvdm.exe 
pv.exe              4608 Normal   C:\ISEEYO~1\pv.exe 

------------------------------------------------------------------------------------ 

Displaying Windows Services: 

Name:           AeLookupSvc
Display Name:   Application Experience
  Description: Processes application compatibility cache requests for applications as they are launched
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           AgereModemAudio
Display Name:   Agere Modem Call Progress Audio
  Description: 
  Path Name:   C:\Windows\system32\agrsmsvc.exe
  Start Mode:  Auto
  State:       Running

Name:           ALG
Display Name:   Application Layer Gateway Service
  Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
  Path Name:   C:\Windows\System32\alg.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Appinfo
Display Name:   Application Information
  Description: Facilitates the running of interactive applications with additional administrative privileges.  If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           Apple Mobile Device
Display Name:   Apple Mobile Device
  Description: Provides the interface to Apple mobile devices.
  Path Name:   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
  Start Mode:  Auto
  State:       Running

Name:           AudioEndpointBuilder
Display Name:   Windows Audio Endpoint Builder
  Description: Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           Audiosrv
Display Name:   Windows Audio
  Description: Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           Automatic LiveUpdate Scheduler
Display Name:   Automatic LiveUpdate Scheduler
  Description: Manages the scheduling of Automatic LiveUpdate sessions
  Path Name:   "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           BFE
Display Name:   Base Filtering Engine
  Description: The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  Start Mode:  Auto
  State:       Running

Name:           BITS
Display Name:   Background Intelligent Transfer Service
  Description: Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Bonjour Service
Display Name:   Bonjour Service
  Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network.  Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
  Path Name:   "C:\Program Files\Bonjour\mDNSResponder.exe"
  Start Mode:  Auto
  State:       Running

Name:           Browser
Display Name:   Computer Browser
  Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ccEvtMgr
Display Name:   Symantec Event Manager
  Description: Event propagation and logging service
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
  Start Mode:  Auto
  State:       Running

Name:           ccSetMgr
Display Name:   Symantec Settings Manager
  Description: Settings storage and management service
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
  Start Mode:  Auto
  State:       Running

Name:           CertPropSvc
Display Name:   Certificate Propagation
  Description: Propagates certificates from smart cards.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           CLCapSvc
Display Name:   CyberLink Background Capture Service (CBCS)
  Description: Provides background buffering, recording and burning functionality for CyberLink Capturing
  Path Name:   "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           clr_optimization_v2.0.50727_32
Display Name:   Microsoft .NET Framework NGEN v2.0.50727_X86
  Description: Microsoft .NET Framework NGEN
  Path Name:   C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  Start Mode:  Manual
  State:       Stopped

Name:           CLSched
Display Name:   CyberLink Task Scheduler (CTS)
  Description: Enables a user to configure and schedule a automated task for CyberLink Scheduling
  Path Name:   "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"
  Start Mode:  Auto
  State:       Running

Name:           CLTNetCnService
Display Name:   Symantec Lic NetConnect service
  Description: Symantec Lic NetConnect Service
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
  Start Mode:  Auto
  State:       Running

Name:           comHost
Display Name:   COM Host
  Description: COM aggregation host service
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           COMSysApp
Display Name:   COM+ System Application
  Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Start Mode:  Manual
  State:       Stopped

Name:           CryptSvc
Display Name:   Cryptographic Services
  Description: Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           CyberLink Media Library Service
Display Name:   CyberLink Media Library Service
  Description: 
  Path Name:   "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"
  Start Mode:  Auto
  State:       Running

Name:           DcomLaunch
Display Name:   DCOM Server Process Launcher
  Description: Provides launch functionality for DCOM services.
  Path Name:   C:\Windows\system32\svchost.exe -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           DFSR
Display Name:   DFS Replication
  Description: Replicates files among multiple PCs keeping them in sync. On Client, it is used to roam folders between PCs; on server, it is used to provide high availability and local access across a wide area network (WAN).  If the service is stopped, file replication does not occur, and the files on the server become out-of-date. If the service is disabled, any services that explicitly depend on it will not start.
  Path Name:   C:\Windows\system32\DFSR.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Dhcp
Display Name:   DHCP Client
  Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           Dnscache
Display Name:   DNS Client
  Description: The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           dot3svc
Display Name:   Wired AutoConfig
  Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           DPS
Display Name:   Diagnostic Policy Service
  Description: The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
  Start Mode:  Auto
  State:       Running

Name:           EapHost
Display Name:   Extensible Authentication Protocol
  Description: The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP).  EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process.  If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           eDataSecurity Service
Display Name:   eDataSecurity Service
  Description: eDataSecurity Service
  Path Name:   "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
  Start Mode:  Auto
  State:       Running

Name:           eLockService
Display Name:   eLock Service
  Description: Acer eLock Management Service
  Path Name:   C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
  Start Mode:  Auto
  State:       Running

Name:           EMDMgmt
Display Name:   ReadyBoost
  Description: Provides support for improving system performance using ReadyBoost.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           eNet Service
Display Name:   eNet Service
  Description: Acer eNet Management Service
  Path Name:   C:\Acer\Empowering Technology\eNet\eNet Service.exe
  Start Mode:  Auto
  State:       Running

Name:           eRecoveryService
Display Name:   eRecovery Service
  Description: Acer eRecovery Management
  Path Name:   C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
  Start Mode:  Auto
  State:       Running

Name:           eSettingsService
Display Name:   eSettings Service
  Description: Acer eSettings Management Service
  Path Name:   C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
  Start Mode:  Auto
  State:       Running

Name:           Eventlog
Display Name:   Windows Event Log
  Description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           EventSystem
Display Name:   COM+ Event System
  Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           fdPHost
Display Name:   Function Discovery Provider Host
  Description: Host process for Function Discovery providers.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           FDResPub
Display Name:   Function Discovery Resource Publication
  Description: Publishes this computer and resources attached to this computer so they can be discovered over the network.  If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           FontCache3.0.0.0
Display Name:   Windows Presentation Foundation Font Cache 3.0.0.0
  Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
  Path Name:   C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
  Start Mode:  Manual
  State:       Stopped

Name:           gpsvc
Display Name:   Group Policy Client
  Description: The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           gusvc
Display Name:   Google Updater Service
  Description: 
  Path Name:   "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           hidserv
Display Name:   Human Interface Device Access
  Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           hkmsvc
Display Name:   Health Key and Certificate Management
  Description: Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           idsvc
Display Name:   Windows CardSpace
  Description: Securely enables the creation, management, and disclosure of digital identities.
  Path Name:   "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           IKEEXT
Display Name:   IKE and AuthIP IPsec Keying Modules
  Description: The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           IPBusEnum
Display Name:   PnP-X IP Bus Enumerator
  Description: The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           iphlpsvc
Display Name:   IP Helper
  Description: Provides automatic IPv6 connectivity over an IPv4 network.  If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.
  Path Name:   C:\Windows\System32\svchost.exe -k NetSvcs
  Start Mode:  Auto
  State:       Running

Name:           iPod Service
Display Name:   iPod Service
  Description: iPod hardware management services
  Path Name:   "C:\Program Files\iPod\bin\iPodService.exe"
  Start Mode:  Manual
  State:       Running

Name:           Irmon
Display Name:   Infrared monitor service
  Description: Detects other Infrared devices that are in range and launches the file transfer application. Stopping the service will prevent file transfer from working
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           ISPwdSvc
Display Name:   Symantec IS Password Validation
  Description: User account management service
  Path Name:   "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           KeyIso
Display Name:   CNG Key Isolation
  Description: The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
  Path Name:   C:\Windows\system32\lsass.exe
  Start Mode:  Manual
  State:       Running

Name:           KtmRm
Display Name:   KtmRm for Distributed Transaction Coordinator
  Description: Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           LanmanServer
Display Name:   Server
  Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           LanmanWorkstation
Display Name:   Workstation
  Description: Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           LightScribeService
Display Name:   LightScribeService Direct Disc Labeling Service
  Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
  Path Name:   "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           LiveUpdate
Display Name:   LiveUpdate
  Description: LiveUpdate Core Engine
  Path Name:   "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
  Start Mode:  Manual
  State:       Running

Name:           LiveUpdate Notice Ex
Display Name:   LiveUpdate Notice Service Ex
  Description: Manages Norton product notices.
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
  Start Mode:  Auto
  State:       Running

Name:           LiveUpdate Notice Service
Display Name:   LiveUpdate Notice Service
  Description: Manages Norton product notices
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
  Start Mode:  Auto
  State:       Stopped

Name:           lltdsvc
Display Name:   Link-Layer Topology Discovery Mapper
  Description: Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device.  If this service is disabled, the Network Map will not function properly.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           lmhosts
Display Name:   TCP/IP NetBIOS Helper
  Description: Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           Microsoft Office Groove Audit Service
Display Name:   Microsoft Office Groove Audit Service
  Description: 
  Path Name:   "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           MMCSS
Display Name:   Multimedia Class Scheduler
  Description: Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           MobilityService
Display Name:   MobilityService
  Description: 
  Path Name:   C:\Acer\Mobility Center\MobilityService.exe -p
  Start Mode:  Auto
  State:       Running

Name:           MpsSvc
Display Name:   Windows Firewall
  Description: Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  Start Mode:  Auto
  State:       Running

Name:           MSDTC
Display Name:   Distributed Transaction Coordinator
  Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 
  Path Name:   C:\Windows\System32\msdtc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           MSiSCSI
Display Name:   Microsoft iSCSI Initiator Service
  Description: Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           msiserver
Display Name:   Windows Installer
  Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\msiexec /V
  Start Mode:  Manual
  State:       Stopped

Name:           napagent
Display Name:   Network Access Protection Agent
  Description: Enables Network Access Protection (NAP) functionality on client computers
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Manual
  State:       Stopped

Name:           Netlogon
Display Name:   Netlogon
  Description: Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Netman
Display Name:   Network Connections
  Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Manual
  State:       Running

Name:           netprofm
Display Name:   Network List Service
  Description: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           NetTcpPortSharing
Display Name:   Net.Tcp Port Sharing Service
  Description: Provides ability to share TCP ports over the net.tcp protocol.
  Path Name:   "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
  Start Mode:  Disabled
  State:       Stopped

Name:           NlaSvc
Display Name:   Network Location Awareness
  Description: Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           nsi
Display Name:   Network Store Interface Service
  Description: This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           odserv
Display Name:   Microsoft Office Diagnostics Service
  Description: Run portions of Microsoft Office Diagnostics.
  Path Name:   "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
  Start Mode:  Manual
  State:       Stopped

Name:           ose
Display Name:   Office Source Engine
  Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
  Path Name:   "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
  Start Mode:  Manual
  State:       Running

Name:           p2pimsvc
Display Name:   Peer Networking Identity Manager
  Description: Provides Identity service for Peer Networking
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           p2psvc
Display Name:   Peer Networking Grouping
  Description: Provides Peer Networking Grouping services
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           PcaSvc
Display Name:   Program Compatibility Assistant Service
  Description: Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           pla
Display Name:   Performance Logs & Alerts
  Description: Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
  Start Mode:  Manual
  State:       Stopped

Name:           PlugPlay
Display Name:   Plug and Play
  Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
  Path Name:   C:\Windows\system32\svchost.exe -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           PNRPAutoReg
Display Name:   PNRP Machine Name Publication Service
  Description: This service publishes a machine name using the Peer Name Resolution Protocol.  Configuration is managed via the netsh context 'p2p pnrp peer' 
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           PNRPsvc
Display Name:   Peer Name Resolution Protocol
  Description: Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Manual
  State:       Stopped

Name:           PolicyAgent
Display Name:   IPsec Policy Agent
  Description: Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Firewall is not available when this service is stopped.
  Path Name:   C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           ProfSvc
Display Name:   User Profile Service
  Description: This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ProtectedStorage
Display Name:   Protected Storage
  Description: Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.
  Path Name:   C:\Windows\system32\lsass.exe
  Start Mode:  Manual
  State:       Running

Name:           QWAVE
Display Name:   Quality Windows Audio Video Experience
  Description: Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           RasAuto
Display Name:   Remote Access Auto Connection Manager
  Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           RasMan
Display Name:   Remote Access Connection Manager
  Description: Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           RemoteAccess
Display Name:   Routing and Remote Access
  Description: Offers routing services to businesses in local area and wide area network environments.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           RemoteRegistry
Display Name:   Remote Registry
  Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k regsvc
  Start Mode:  Manual
  State:       Stopped

Name:           RichVideo
Display Name:   Cyberlink RichVideo Service(CRVS)
  Description: 
  Path Name:   "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
  Start Mode:  Auto
  State:       Running

Name:           RpcLocator
Display Name:   Remote Procedure Call (RPC) Locator
  Description: Manages the RPC name service database.
  Path Name:   C:\Windows\system32\locator.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RpcSs
Display Name:   Remote Procedure Call (RPC)
  Description: Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.
  Path Name:   C:\Windows\system32\svchost.exe -k rpcss
  Start Mode:  Auto
  State:       Running

Name:           SamSs
Display Name:   Security Accounts Manager
  Description: The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
  Path Name:   C:\Windows\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           SCardSvr
Display Name:   Smart Card
  Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           Schedule
Display Name:   Task Scheduler
  Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SCPolicySvc
Display Name:   Smart Card Removal Policy
  Description: Allows the system to be configured to lock the user desktop upon smart card removal.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           SDRSVC
Display Name:   Windows Backup
  Description: Provides Windows Backup and Restore capabilities.
  Path Name:   C:\Windows\system32\svchost.exe -k SDRSVC
  Start Mode:  Manual
  State:       Stopped

Name:           seclogon
Display Name:   Secondary Logon
  Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SENS
Display Name:   System Event Notification Service
  Description: Monitors system events and notifies subscribers to COM+ Event System of these events.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SessionEnv
Display Name:   Terminal Services Configuration
  Description: Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           SharedAccess
Display Name:   Internet Connection Sharing (ICS)
  Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           ShellHWDetection
Display Name:   Shell Hardware Detection
  Description: Provides notifications for AutoPlay hardware events.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           slsvc
Display Name:   Software Licensing
  Description: Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.
  Path Name:   C:\Windows\system32\SLsvc.exe
  Start Mode:  Auto
  State:       Running

Name:           SLUINotify
Display Name:   SL UI Notification Service
  Description: Provides Software Licensing activation and notification
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           SNMPTRAP
Display Name:   SNMP Trap
  Description: Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\snmptrap.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Spooler
Display Name:   Print Spooler
  Description: Loads files to memory for later printing
  Path Name:   C:\Windows\System32\spoolsv.exe
  Start Mode:  Auto
  State:       Running

Name:           SSDPSRV
Display Name:   SSDP Discovery
  Description: Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           stisvc
Display Name:   Windows Image Acquisition (WIA)
  Description: Provides image acquisition services for scanners and cameras
  Path Name:   C:\Windows\system32\svchost.exe -k imgsvc
  Start Mode:  Auto
  State:       Running

Name:           swprv
Display Name:   Microsoft Software Shadow Copy Provider
  Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k swprv
  Start Mode:  Manual
  State:       Stopped

Name:           Symantec Core LC
Display Name:   Symantec Core LC
  Description: Symantec Core LC
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
  Start Mode:  Manual
  State:       Running

Name:           SymAppCore
Display Name:   Symantec AppCore Service
  Description: Symantec Application Service
  Path Name:   "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
  Start Mode:  Auto
  State:       Running

Name:           SysMain
Display Name:   Superfetch
  Description: Maintains and improves system performance over time.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           TabletInputService
Display Name:   Tablet PC Input Service
  Description: Enables Tablet PC pen and ink functionality
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           TapiSrv
Display Name:   Telephony
  Description: Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Manual
  State:       Running

Name:           TBS
Display Name:   TPM Base Services
  Description: Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications.  If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           TermService
Display Name:   Terminal Services
  Description: Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service.  To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           Themes
Display Name:   Themes
  Description: Provides user experience theme management.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           THREADORDER
Display Name:   Thread Ordering Server
  Description: Provides ordered execution for a group of threads within a specific period of time.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           TrkWks
Display Name:   Distributed Link Tracking Client
  Description: Maintains links between NTFS files within a computer or across computers in a network.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           TrustedInstaller
Display Name:   Windows Modules Installer
  Description: Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
  Path Name:   C:\Windows\servicing\TrustedInstaller.exe
  Start Mode:  Manual
  State:       Stopped

Name:           UI0Detect
Display Name:   Interactive Services Detection
  Description: Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
  Path Name:   C:\Windows\system32\UI0Detect.exe
  Start Mode:  Manual
  State:       Stopped

Name:           upnphost
Display Name:   UPnP Device Host
  Description: Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           UxSms
Display Name:   Desktop Window Manager Session Manager
  Description: Provides Desktop Window Manager startup and maintenance services
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           vds
Display Name:   Virtual Disk
  Description: Provides management services for disks, volumes, file systems, and, hardward array objects such as subsystems, luns, controllers, etc.
  Path Name:   C:\Windows\System32\vds.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Viewpoint Manager Service
Display Name:   Viewpoint Manager Service
  Description: Ensures Viewpoint 3D and Rich Media Technologies are up to date
  Path Name:   "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
  Start Mode:  Auto
  State:       Running

Name:           VSS
Display Name:   Volume Shadow Copy
  Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\vssvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           W32Time
Display Name:   Windows Time
  Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           wcncsvc
Display Name:   Windows Connect Now - Config Registrar
  Description: Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           WcsPlugInService
Display Name:   Windows Color System
  Description: The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.
  Path Name:   C:\Windows\system32\svchost.exe -k wcssvc
  Start Mode:  Manual
  State:       Stopped

Name:           WdiServiceHost
Display Name:   Diagnostic Service Host
  Description: The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k wdisvc
  Start Mode:  Manual
  State:       Stopped

Name:           WdiSystemHost
Display Name:   Diagnostic System Host
  Description: The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Manual
  State:       Running

Name:           WebClient
Display Name:   WebClient
  Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           Wecsvc
Display Name:   Windows Event Collector
  Description: This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
  Path Name:   C:\Windows\system32\svchost.exe -k NetworkService
  Start Mode:  Manual
  State:       Stopped

Name:           wercplsupport
Display Name:   Problem Reports and Solutions Control Panel Support
  Description: This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
  Path Name:   C:\Windows\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           WerSvc
Display Name:   Windows Error Reporting Service
  Description: Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
  Path Name:   C:\Windows\System32\svchost.exe -k WerSvcGroup
  Start Mode:  Auto
  State:       Running

Name:           WinDefend
Display Name:   Windows Defender
  Description: Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.
  Path Name:   C:\Windows\System32\svchost.exe -k secsvcs
  Start Mode:  Auto
  State:       Stopped

Name:           WinHttpAutoProxySvc
Display Name:   WinHTTP Web Proxy Auto-Discovery Service
  Description: WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           Winmgmt
Display Name:   Windows Management Instrumentation
  Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WinRM
Display Name:   Windows Remote Management (WS-Management)
  Description: Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
  Path Name:   C:\Windows\System32\svchost.exe -k NetworkService
  Start Mode:  Manual
  State:       Stopped

Name:           Wlansvc
Display Name:   WLAN AutoConfig
  Description: This service enumerates WLAN adapters, manages WLAN connections and profiles.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           wmiApSrv
Display Name:   WMI Performance Adapter
  Description: Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
  Path Name:   C:\Windows\system32\wbem\WmiApSrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           WMIService
Display Name:   ePower Service
  Description: Acer ePower Management Service
  Path Name:   C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
  Start Mode:  Auto
  State:       Running

Name:           WMPNetworkSvc
Display Name:   Windows Media Player Network Sharing Service
  Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
  Path Name:   "C:\Program Files\Windows Media Player\wmpnetwk.exe"
  Start Mode:  Auto
  State:       Running

Name:           WPCSvc
Display Name:   Parental Controls
  Description: This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           WPDBusEnum
Display Name:   Portable Device Enumerator Service
  Description: Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           wscsvc
Display Name:   Security Center
  Description: Monitors system security settings and configurations.
  Path Name:   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           WSearch
Display Name:   Windows Search
  Description: Provides content indexing and property caching for file, email and other content (via extensibility APIs).  The service responds to file and email notifications to index modified content.  If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.
  Path Name:   C:\Windows\system32\SearchIndexer.exe /Embedding
  Start Mode:  Auto
  State:       Running

Name:           wuauserv
Display Name:   Windows Update
  Description: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
  Path Name:   C:\Windows\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           wudfsvc
Display Name:   Windows Driver Foundation - User-mode Driver Framework
  Description: Manages user-mode driver host processes
  Path Name:   C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
  Start Mode:  Auto
  State:       Running

Name:           a2free
Display Name:   a-squared Free Service
  Description: Scans the PC for unwanted software and provides protection from malicious code
  Path Name:   "C:\Program Files\a-squared Free\a2service.exe"
  Start Mode:  Auto
  State:       Running


------------------------------------------------------------------------------------ 

Displaying LOG for Microsoft Windows Malicious Software Removal Tool: 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Wed May 09 16:24:51 2007
->Sysclean WARNING: MemScanGetImagePathFromPid(1132) (Win32 Error Code: 0x00000005 (5):Access is denied.) [709]
->Sysclean WARNING: MemScanGetImagePathFromPid(2124) (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [709]

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 16:25:49 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Fri May 11 22:19:54 2007
->Scan ERROR: resource process://pid:1136 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1136 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5924 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6048 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1664 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 11 22:23:26 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Wed Jun 13 03:07:07 2007
->Scan ERROR: resource process://pid:1124 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1124 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 03:08:46 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 11 03:09:31 2007
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 03:11:02 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Wed Aug 15 03:10:29 2007
->Scan ERROR: resource process://pid:1112 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1112 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 03:12:13 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Wed Sep 12 03:01:59 2007
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 03:03:18 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Thu Oct 11 03:07:15 2007
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 03:08:48 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 03:05:30 2007
->Scan ERROR: resource process://pid:1120 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1120 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 03:07:06 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 12 03:07:01 2007
->Scan ERROR: resource process://pid:1108 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 03:08:34 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Thu Jan 10 03:08:55 2008
->Scan ERROR: resource process://pid:1100 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1100 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3920 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3920 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2104 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2104 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5296 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:5296 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:10:46 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Wed Feb 13 07:56:49 2008
->Scan ERROR: resource process://pid:1108 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 07:58:40 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Wed Mar 12 03:03:22 2008
->Scan ERROR: resource process://pid:1120 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1120 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 12 03:04:43 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 03:04:05 2008
->Scan ERROR: resource process://pid:1092 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1092 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 03:06:23 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Sat May 17 06:22:21 2008
->Scan ERROR: resource process://pid:1104 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1104 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 17 06:25:55 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Thu Jun 12 08:52:52 2008
->Scan ERROR: resource process://pid:1104 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1104 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 08:54:01 2008

---------------------------------------------------------------------------- 
   Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys 
       if Hidden = 0 then Hidden Files and Folders are not shown 
       if SuperHidden = 1 is the desired default value. 
       if ShowSuperHidden = 0 then System Files are not shown 
       if HideFileExt = 1 then File Extension are not shown 
   We want their values to be (from top to bottom) 1,1,1,0 
---------------------------------------------------------------------------- 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
  Hidden	REG_DWORD      	1 (0x1)
  SuperHidden	REG_DWORD      	1 (0x1)
  ShowSuperHidden	REG_DWORD      	1 (0x1)
  HideFileExt	REG_DWORD      	0 (0x0)

************************************************************************************  

Examining Select Windows Registry Keys 
------------------------------------------------------------------------------------ 

   -------------------------------------------------------------------------- 
       Items Found in ZoneMap\Domains: 
   -------------------------------------------------------------------------- 



Error: Key: software\microsoft\windows\currentversion\internet settings\zonemap\domains does not exist!


   ---------------------------------------------------------------------------- 
       Current User ZoneMap ProtocolDefaults 
   ---------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
  <NO NAME>	REG_SZ         	
  http	REG_DWORD      	3 (0x3)
  https	REG_DWORD      	3 (0x3)
  ftp	REG_DWORD      	3 (0x3)
  file	REG_DWORD      	3 (0x3)
  @ivt	REG_DWORD      	1 (0x1)
  shell	REG_DWORD      	0 (0x0)

   ---------------------------------------------------------------------------- 
           Default URL Prefix Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
  <NO NAME>	REG_SZ         	http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
  ftp	REG_SZ         	ftp://
  home	REG_SZ         	http://
  mosaic	REG_SZ         	http://
  www	REG_SZ         	http://

   -------------------------------------------------------------------------- 
           Startup Items Disabled via MSCONFIG: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
  path	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
  backup	REG_SZ         	C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
  location	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
  backupExtension	REG_SZ         	.CommonStartup
  command	REG_SZ         	C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE 
  item	REG_SZ         	Adobe Gamma Loader
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	1 (0x1)
  DAY	REG_DWORD      	21 (0x15)
  HOUR	REG_DWORD      	9 (0x9)
  MINUTE	REG_DWORD      	5 (0x5)
  SECOND	REG_DWORD      	16 (0x10)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
  path	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  backup	REG_SZ         	C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
  location	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
  backupExtension	REG_SZ         	.CommonStartup
  command	REG_SZ         	C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE 
  item	REG_SZ         	Adobe Reader Speed Launch
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	35 (0x23)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk
  path	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
  backup	REG_SZ         	C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
  location	REG_SZ         	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
  backupExtension	REG_SZ         	.CommonStartup
  command	REG_SZ         	C:\Acer\EMPOWE~1\EAPLAU~1.EXE 9999
  item	REG_SZ         	Empowering Technology Launcher
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	5 (0x5)
  DAY	REG_DWORD      	13 (0xd)
  HOUR	REG_DWORD      	17 (0x11)
  MINUTE	REG_DWORD      	14 (0xe)
  SECOND	REG_DWORD      	8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MeEiLaH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk
  path	REG_SZ         	C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
  backup	REG_SZ         	C:\Windows\pss\LimeWire On Startup.lnk.Startup
  location	REG_SZ         	C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  backupExtension	REG_SZ         	.Startup
  command	REG_SZ         	C:\PROGRA~1\LimeWire\LimeWire.exe -startup
  item	REG_SZ         	LimeWire On Startup
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	1 (0x1)
  DAY	REG_DWORD      	21 (0x15)
  HOUR	REG_DWORD      	9 (0x9)
  MINUTE	REG_DWORD      	5 (0x5)
  SECOND	REG_DWORD      	17 (0x11)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MeEiLaH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mypdfcreator.lnk
  path	REG_SZ         	C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mypdfcreator.lnk
  backup	REG_SZ         	C:\Windows\pss\mypdfcreator.lnk.Startup
  location	REG_SZ         	C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  backupExtension	REG_SZ         	.Startup
  command	REG_SZ         	C:\PROGRA~1\MYPDFC~1\PDFCRE~1.EXE 
  item	REG_SZ         	mypdfcreator
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	1 (0x1)
  DAY	REG_DWORD      	2 (0x2)
  HOUR	REG_DWORD      	19 (0x13)
  MINUTE	REG_DWORD      	34 (0x22)
  SECOND	REG_DWORD      	21 (0x15)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	Acer Assist Launcher
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	C:\Program Files\Acer Assist\launcher.exe
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	5 (0x5)
  DAY	REG_DWORD      	13 (0xd)
  HOUR	REG_DWORD      	17 (0x11)
  MINUTE	REG_DWORD      	14 (0xe)
  SECOND	REG_DWORD      	8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	Aim6
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	BitTorrent
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	4 (0x4)
  DAY	REG_DWORD      	7 (0x7)
  HOUR	REG_DWORD      	6 (0x6)
  MINUTE	REG_DWORD      	55 (0x37)
  SECOND	REG_DWORD      	39 (0x27)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	ccApp
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	8 (0x8)
  DAY	REG_DWORD      	2 (0x2)
  HOUR	REG_DWORD      	19 (0x13)
  MINUTE	REG_DWORD      	34 (0x22)
  SECOND	REG_DWORD      	17 (0x11)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	GrooveMonitor
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	iTunesHelper
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe"
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	MySpaceIM
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	C:\Program Files\MySpace\IM\MySpaceIM.exe
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	8 (0x8)
  DAY	REG_DWORD      	27 (0x1b)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	33 (0x21)
  SECOND	REG_DWORD      	56 (0x38)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	PCMService
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\Acer\Acer Arcade\PCMService.exe"
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	5 (0x5)
  DAY	REG_DWORD      	13 (0xd)
  HOUR	REG_DWORD      	17 (0x11)
  MINUTE	REG_DWORD      	14 (0xe)
  SECOND	REG_DWORD      	8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	Picasa Media Detector
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	C:\Program Files\Picasa2\PicasaMediaDetector.exe
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	1 (0x1)
  DAY	REG_DWORD      	2 (0x2)
  HOUR	REG_DWORD      	19 (0x13)
  MINUTE	REG_DWORD      	34 (0x22)
  SECOND	REG_DWORD      	21 (0x15)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwPrintScreen.exe
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	pwPrintScreen.exe
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	C:\Program Files\Powware\Powware Print Screen\pwPrintScreen.exe
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	4 (0x4)
  DAY	REG_DWORD      	7 (0x7)
  HOUR	REG_DWORD      	6 (0x6)
  MINUTE	REG_DWORD      	55 (0x37)
  SECOND	REG_DWORD      	39 (0x27)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	QuickTime Task
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	swg
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2008 (0x7d8)
  MONTH	REG_DWORD      	6 (0x6)
  DAY	REG_DWORD      	29 (0x1d)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	24 (0x18)
  SECOND	REG_DWORD      	36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	Symantec PIF AlertEng
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	5 (0x5)
  DAY	REG_DWORD      	13 (0xd)
  HOUR	REG_DWORD      	17 (0x11)
  MINUTE	REG_DWORD      	14 (0xe)
  SECOND	REG_DWORD      	8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	TkBellExe
  hkey	REG_SZ         	HKLM
  command	REG_SZ         	"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	8 (0x8)
  DAY	REG_DWORD      	12 (0xc)
  HOUR	REG_DWORD      	22 (0x16)
  MINUTE	REG_DWORD      	33 (0x21)
  SECOND	REG_DWORD      	33 (0x21)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	updateMgr
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	10 (0xa)
  DAY	REG_DWORD      	14 (0xe)
  HOUR	REG_DWORD      	19 (0x13)
  MINUTE	REG_DWORD      	42 (0x2a)
  SECOND	REG_DWORD      	35 (0x23)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
  key	REG_SZ         	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item	REG_SZ         	Yahoo! Pager
  hkey	REG_SZ         	HKCU
  command	REG_SZ         	"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  inimapping	REG_SZ         	0
  YEAR	REG_DWORD      	2007 (0x7d7)
  MONTH	REG_DWORD      	8 (0x8)
  DAY	REG_DWORD      	27 (0x1b)
  HOUR	REG_DWORD      	20 (0x14)
  MINUTE	REG_DWORD      	33 (0x21)
  SECOND	REG_DWORD      	56 (0x38)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
  startup	REG_DWORD      	2 (0x2)

   -------------------------------------------------------------------------- 
           Select AutoRun Registry Keys: 
   -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  swg	REG_SZ         	C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
  BitTorrent	REG_SZ         	"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
  inixs	REG_SZ         	C:\Windows\system32\minix32.exe


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  Windows Defender	REG_EXPAND_SZ  	%ProgramFiles%\Windows Defender\MSASCui.exe -hide
  SynTPEnh	REG_SZ         	C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  RtHDVCpl	REG_SZ         	RtHDVCpl.exe
  IgfxTray	REG_SZ         	C:\Windows\system32\igfxtray.exe
  HotKeysCmds	REG_SZ         	C:\Windows\system32\hkcmd.exe
  Persistence	REG_SZ         	C:\Windows\system32\igfxpers.exe
  Acer Tour	REG_SZ         	
  eDataSecurity Loader	REG_SZ         	C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  SetPanel	REG_SZ         	
  LManager	REG_SZ         	C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
  Acer Product Registration	REG_SZ         	"C:\Program Files\Acer Registration\ACE1.exe" /startup
  eRecoveryService	REG_SZ         	
  SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  WPCUMI	REG_SZ         	C:\Windows\system32\WpcUmi.exe
  MSConfig	REG_SZ         	"C:\Windows\system32\msconfig.exe" /auto
  Symantec PIF AlertEng	REG_SZ         	"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  V0500Mon.exe	REG_SZ         	C:\Windows\V0500Mon.exe
  QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime
  AppleSyncNotifier	REG_SZ         	C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
  iTunesHelper	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


Error: Key: software\microsoft\windows\currentversion\runonceex does not exist!



HKEY_USERS\.default\software\microsoft\windows\currentversion\run
  MySpaceIM	REG_SZ         	C:\Program Files\MySpace\IM\MySpaceIM.exe


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
  MySpaceIM	REG_SZ         	C:\Program Files\MySpace\IM\MySpaceIM.exe


Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!


   -------------------------------------------------------------------------- 
           Shared Task Scheduler Registry Items: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {8C7461EF-2B13-11d2-BE35-3078302C2030}	REG_SZ         	Component Categories cache daemon

   -------------------------------------------------------------------------- 
           Scheduled Tasks: 
   -------------------------------------------------------------------------- 

Volume in drive C is ACER
Volume Serial Number is 1099-6666

Directory of C:\Windows\tasks

05/09/2007  05:22 PM    <DIR>          .
05/09/2007  05:22 PM    <DIR>          ..
09/28/2009  08:05 PM               550 Norton Internet Security - Run Full System Scan - MeEiLaH.job
09/26/2009  07:24 PM                 6 SA.DAT
09/26/2009  07:23 PM            32,620 SCHEDLGU.TXT
              3 File(s)         33,176 bytes

    Total Files Listed:
              3 File(s)         33,176 bytes
              2 Dir(s)   3,623,194,624 bytes free
A            C:\Windows\tasks\Norton Internet Security - Run Full System Scan - MeEiLaH.job
A   H        C:\Windows\tasks\SA.DAT
A            C:\Windows\tasks\SCHEDLGU.TXT

   ---------------------------------------------------------------------------- 
           ShellExecuteHooks Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
  {B5A7F190-DDA6-4420-B3BA-52453494E6CD}	REG_SZ         	Groove GFS Stub Execution Hook

   ---------------------------------------------------------------------------- 
           ShellServiceObjectDelayLoad Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
  WebCheck	REG_SZ         	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}

   ---------------------------------------------------------------------------- 
           ModuleUsage Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/Windows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe
  .Owner	REG_SZ         	{D27CDB6E-AE6D-11CF-96B8-444553540000}
  {D27CDB6E-AE6D-11CF-96B8-444553540000}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           BHO Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\NoExplorer
  <NO NAME>	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}
  <NO NAME>	REG_SZ         	Yahoo! IE Suggest
  NoExplorer	REG_DWORD      	0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
  <NO NAME>	REG_SZ         	AOL Toolbar Launcher

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

    -------------------------------------------------------------------------- 
           Select Policy Keys: 
    -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
  LogonHoursAction	REG_DWORD      	2 (0x2)
  DontDisplayLogonHoursWarnings	REG_DWORD      	1 (0x1)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
  ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2)
  ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1)
  EnableInstallerDetection	REG_DWORD      	1 (0x1)
  EnableLUA	REG_DWORD      	1 (0x1)
  EnableSecureUIAPaths	REG_DWORD      	1 (0x1)
  EnableVirtualization	REG_DWORD      	1 (0x1)
  PromptOnSecureDesktop	REG_DWORD      	1 (0x1)
  ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0)
  dontdisplaylastusername	REG_DWORD      	0 (0x0)
  legalnoticecaption	REG_SZ         	
  legalnoticetext	REG_SZ         	
  scforceoption	REG_DWORD      	0 (0x0)
  shutdownwithoutlogon	REG_DWORD      	1 (0x1)
  undockwithoutlogon	REG_DWORD      	1 (0x1)
  FilterAdministratorToken	REG_DWORD      	0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI


Error: Key: .default\software\microsoft\windows\currentversion\policies does not exist!



Error: Key: s-1-5-18\software\microsoft\windows\currentversion\policies\explorer does not exist!


************************************************************************************ 

Checking File System for suspicious Files 

-------------------------------------------------------------------------- 
   Items in the Root Directory: 
-------------------------------------------------------------------------- 

   Locating all files created in C:\ 

"C:\"
$RECYCLE.BIN  Feb 13 2007              "$RECYCLE.BIN"
-20070~1.log  Jan 14 2007        3269  "-20070114.log"
ACER          Jan 14 2007              "Acer"
arcade.log    Jan 14 2007         166  "Arcade.log"
ARESTU~1      Jul 10 2007              "Ares Tube"
autoexec.bat  Sep 18 2006          24  "autoexec.bat"
BOOK          Jan 14 2007              "Book"
BOOT          Jan 14 2007              "Boot"
bootmgr       Nov  2 2006      438840  "bootmgr"
-20070~1.log  Jan 14 2007        3269  "-20070114.log"
ACER          Jan 14 2007              "Acer"
arcade.log    Jan 14 2007         166  "Arcade.log"
ARESTU~1      Jul 10 2007              "Ares Tube"
autoexec.bat  Sep 18 2006          24  "autoexec.bat"
BOOK          Jan 14 2007              "Book"
BOOT          Jan 14 2007              "Boot"
bootmgr       Nov  2 2006      438840  "bootmgr"
bootsect.bak  Jan 14 2007        8192  "BOOTSECT.BAK"
config.sys    Sep 18 2006          10  "config.sys"
DOCUME~1      Nov  2 2006              "Documents and Settings"
DRV           Jan 14 2007              "DRV"
hiberfil.sys  Sep 26 2009  2137182208  "hiberfil.sys"
HITRUS~1      Jun 28 2007              "HiTRUSTDrive"
INTEL         Jan 14 2007              "Intel"
iph.ph        Jun 17 2008        1571  "IPH.PH"
ISEEYO~1      Oct  2 2009              "ISeeYouXP"
MSOCACHE      May  9 2007              "MSOCache"
pagefile.sys  Sep 26 2009  2451111936  "pagefile.sys"
POLLMA~1      May 14 2007              "PollManager"
PROGRA~1      Nov  2 2006              "Program Files"
PROGRA~2      Nov  2 2006              "ProgramData"
rhdsetup.log  Jan 14 2007         284  "RHDSetup.log"
setup.log     Jan 14 2007         178  "setup.log"
SYSTEM~1      Jan 14 2007              "System Volume Information"
USERS         Nov  2 2006              "Users"
WINDOWS       Nov  2 2006              "Windows"
yserver.txt   Jun  6 2007         152  "YServer.txt"

37 items found:  16 files (6 H/S), 21 directories (7 H/S).
  Total of file sizes:  4,589,189,129 bytes      4.27 G

-------------------------------------------------------------------------- 
   Locating all Backup files on C: 
-------------------------------------------------------------------------- 

   Locating all *.BAK* files 

"C:\"
bootsect.bak  Jan 14 2007        8192  "BOOTSECT.BAK"

"C:\ProgramData\Symantec\Common Client\"
settings.bak  Sep 26 2009    32411716  "settings.bak"

"C:\ProgramData\Symantec\IDS\"
idssettg.bak  Jul 20 2009        5860  "IDSSettg.BAK"

"C:\ProgramData\Symantec\SymNetDrv\"
firewall.bak  Feb 11 2009       57964  "Firewall.BAK"
persist.bak   Sep 26 2009       14836  "Persist.BAK"

"C:\Windows\Debug\UserMode\"
chkacc.bak    Sep 26 2009           0  "ChkAcc.bak"

"C:\ProgramData\Microsoft\OFFICE\DATA\"
opa12.bak     Oct 17 2002        8200  "OPA12.BAK"

"C:\Users\All Users\Symantec\Common Client\"
settings.bak  Sep 26 2009    32411716  "settings.bak"

"C:\Users\All Users\Symantec\IDS\"
idssettg.bak  Jul 20 2009        5860  "IDSSettg.BAK"

"C:\Users\All Users\Symantec\SymNetDrv\"
firewall.bak  Feb 11 2009       57964  "Firewall.BAK"
persist.bak   Sep 26 2009       14836  "Persist.BAK"

"C:\Users\All Users\Microsoft\OFFICE\DATA\"
opa12.bak     Oct 17 2002        8200  "OPA12.BAK"

"C:\Users\MeEiLaH\AppData\Roaming\LimeWire\"
fileurns.bak  Jan 11 2008         704  "fileurns.bak"

"C:\Users\MeEiLaH\Documents\LimeWire\Incomplete\"
downlo~1.bak  Jun 13 2009        7944  "downloads.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft\Internet Explorer\"
brndlog.bak   Apr 17 2009       12765  "brndlog.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Hearts\"
hearts~1.bak  Jul 11 2007      103098  "HeartsSettings.xml.bak"
window~1.bak  Jul 11 2007         522  "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Minesweeper\"
minesw~1.bak  Jul 26 2007      124813  "MinesweeperSettings.xml.bak"
window~1.bak  Jun 16 2007         522  "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Purble Place\"
comfyc~1.bak  Aug  8 2007      118903  "ComfyCakesScoresAndSettings.xml.bak"
concen~1.bak  Jun 16 2007       97701  "ConcentrationScoresAndSettings.xml.bak"
purble~1.bak  Jul 12 2007       93561  "PurbleShopScoresAndSettings.xml.bak"
purble~2.bak  Aug  8 2007      111913  "PurblePlaceSettings.xml.bak"
window~1.bak  Aug  8 2007         522  "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Local\Microsoft Games\Solitaire\"
solita~1.bak  Jul 24 2007       96505  "SolitaireSettings.xml.bak"
window~1.bak  Jul 24 2007         522  "windowprefs.xml.bak"

"C:\Users\MeEiLaH\AppData\Roaming\LimeWire\.AppSpecialShare\"
winzip~1.bak  Mar 11 2008        3315  "WinZip v.11.1 With Keygen.torrent.bak"

"C:\Users\MeEiLaH\AppData\Roaming\Mozilla\Firefox\Profiles\9iofit85.default\"
bookma~1.bak  Aug  2 2008      351611  "bookmarks.bak"
sessio~1.bak  Sep 27 2009       59856  "sessionstore.bak"

29 items found:  29 files (1 H/S), 0 directories.
  Total of file sizes:  66,190,121 bytes     63.12 M

-------------------------------------------------------------------------- 
   Locating all copies of Internet Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\Program Files\Internet Explorer\"
iexplore.exe  Jul 18 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\"
iexplore.exe  Jul 18 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\"
iexplore.exe  Mar  2 2009      636072  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\"
iexplore.exe  Aug 15 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\"
iexplore.exe  Mar  2 2009      636072  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\"
iexplore.exe  Aug 15 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\"
iexplore.exe  Mar  2 2009      636072  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\"
iexplore.exe  Oct 15 2008      634024  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\"
iexplore.exe  Mar  2 2009      636072  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\"
iexplore.exe  Apr 24 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\"
iexplore.exe  Jul 18 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\"
iexplore.exe  Jan 14 2009      634024  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\"
iexplore.exe  Oct  1 2008      633632  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\"
iexplore.exe  Jun 26 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\"
iexplore.exe  Apr 24 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\"
iexplore.exe  Apr 24 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\"
iexplore.exe  Dec 12 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\"
iexplore.exe  Feb 21 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\"
iexplore.exe  Feb 20 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\"
iexplore.exe  Oct 11 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\"
iexplore.exe  Feb 13 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\"
iexplore.exe  Jan 14 2009      634024  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\"
iexplore.exe  Jul 18 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\"
iexplore.exe  Apr 24 2009      634632  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\"
iexplore.exe  Dec 12 2007      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\"
iexplore.exe  Apr 24 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\"
iexplore.exe  Feb 13 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\"
iexplore.exe  Nov  2 2006      623616  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\"
iexplore.exe  Oct 15 2008      634024  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f011d0e0526\"
iexplore.exe  Jun 13 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\"
iexplore.exe  Jun 26 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\"
iexplore.exe  Oct  1 2008      633632  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\"
iexplore.exe  Apr 24 2008      625664  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1dbe03633c0e1\"
iexplore.exe  Jun 13 2007      625152  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\"
iexplore.exe  Jul 18 2009      634648  "iexplore.exe"

"C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\"
iexplore.exe  Oct 11 2007      625152  "iexplore.exe"

"C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\"
iexplore.exe  Jan 19 2008      625664  "iexplore.exe"

37 items found:  37 files, 0 directories.
  Total of file sizes:  23,315,784 bytes     22.23 M

-------------------------------------------------------------------------- 
   Locating all copies of beep.sy_ on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

No matches found.

-------------------------------------------------------------------------- 
   Locating all copies of beep.sys on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\Windows\System32\drivers\"
beep.sys      Nov  2 2006        6144  "beep.sys"

"C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\"
beep.sys      Nov  2 2006        6144  "beep.sys"

"C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\"
beep.sys      Jan 18 2008        6144  "beep.sys"

3 items found:  3 files, 0 directories.
  Total of file sizes:  18,432 bytes     18.00 K

-------------------------------------------------------------------------- 
   Locating all copies of Windows Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Windows Explorer 

"C:\Windows\"
explorer.exe  Oct 28 2008     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\"
explorer.exe  Nov 14 2007     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\"
explorer.exe  Oct 27 2008     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\"
explorer.exe  Nov  2 2006     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\"
explorer.exe  Oct 28 2008     2927104  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\"
explorer.exe  Nov 14 2007     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\"
explorer.exe  Oct 28 2008     2923520  "explorer.exe"

"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\"
explorer.exe  Oct 29 2008     2927616  "explorer.exe"

"C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\"
explorer.exe  Jan 19 2008     2927104  "explorer.exe"

9 items found:  9 files, 0 directories.
  Total of file sizes:  26,322,944 bytes     25.10 M

--------------------------------------------------------------------------
   Items in C:\Users: 
--------------------------------------------------------------------------

    Listing contents of C:\Users 

"C:\Users\"
ALLUSE~1      Nov  2 2006              "All Users"
DEFAULT       Nov  2 2006              "Default"
DEFAUL~1      Nov  2 2006              "Default User"
desktop.ini   Dec 10 2008         174  "desktop.ini"
MEEILAH       May  8 2007              "MeEiLaH"
PUBLIC        Nov  2 2006              "Public"

6 items found:  1 file (1 H/S), 5 directories (3 H/S).
  Total of file sizes:  174 bytes      0.17 K

    --------------------------------------------------------------------------
           Items in C:\Users\MeEiLaH\AppData: 
    --------------------------------------------------------------------------

    Listing contents of C:\Users\MeEiLaH\AppData 

No matches found.

    --------------------------------------------------------------------------
           Desktop Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Users\MeEiLaH\Desktop within the last 90 days. 

"C:\Users\MeEiLaH\Desktop\"
a2hija~1.exe  Oct  2 2009     1760112  "a2HiJackFreeSetup.exe"
atf-cl~1.exe  Oct  2 2009       50688  "ATF-Cleaner.exe"
atf_cl~1.htm  Oct  2 2009       57484  "ATF_Cleaner_d4949.html"
downlo~1.htm  Oct  2 2009       57400  "download4709.html"
explor~1.exe  Oct  2 2009      420137  "explorerxpsetup.exe"
explor~1.htm  Oct  2 2009       57709  "ExplorerXP_d4201.html"
explor~1.lnk  Oct  2 2009        1706  "ExplorerXP.lnk"
iseeyo~1.exe  Oct  2 2009     1106604  "ISeeYouXP.exe"
iseeyo~1.lnk  Oct  2 2009         574  "ISeeYouXP.lnk"
object~1.lnk  Sep 13 2009        1690  "Object Fix Zip.lnk"
silver~1.exe  Jul 30 2009     4928376  "Silverlight.exe"
virusr~1.doc  Oct  2 2009       86016  "virus removal instructions.doc"
~$rusr~1.doc  Oct  2 2009         162  "~$rus removal instructions.doc"

13 items found:  13 files (1 H/S), 0 directories.
  Total of file sizes:  8,528,658 bytes      8.13 M

   Locating all files created in C:\Users\Public\Desktop within the last 90 days. 

"C:\Users\Public\Desktop\"
a-squa~1.lnk  Oct  2 2009         774  "a-squared Free.lnk"
a-squa~2.lnk  Oct  2 2009         836  "a-squared HiJackFree.lnk"

2 items found:  2 files, 0 directories.
  Total of file sizes:  1,610 bytes      1.57 K

    --------------------------------------------------------------------------
           Start Menu Items: 
    --------------------------------------------------------------------------

   Locating all files created in "C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Start Menu" within the last 90 days. 

No matches found.

   Locating all files created in "C:\ProgramData\Microsoft\Windows\Start Menu" within the last 90 days. 

"C:\ProgramData\Microsoft\Windows\Start Menu\"
desktop.ini   Oct  1 2009         442  "desktop.ini"
window~1.lnk  Oct  1 2009        1661  "Windows Update.lnk"

2 items found:  2 files (1 H/S), 0 directories.
  Total of file sizes:  2,103 bytes      2.05 K

    --------------------------------------------------------------------------
           C:\Users\MeEiLaH\AppData\Local\Temp : 
    --------------------------------------------------------------------------

   Locating all files created in C:\Users\MeEiLaH\AppData\Local\Temp within the last 90 days. 

"C:\Users\MeEiLaH\AppData\Local\Temp\"
5201sc~1.pdf  Sep  2 2009        5080  "5201 Scoring Sheet _T & E Eval Guide 9-01-02.pdf"
acvolt~1.pdf  Sep 13 2009      878745  "ACVoltage.pdf"
ac_mac~1.pdf  Sep 13 2009     1166486  "AC_Machines.pdf"
amarpa~1.doc  Aug  2 2009       59904  "AmarPaSingh-Resume[1].doc"
cec_2007.pdf  Aug  8 2009     2296905  "CEC_2007.pdf"
cec_20~1.pdf  Sep 13 2009     2296905  "CEC_2007-1.pdf"
chapt3~1.pdf  Sep 13 2009      682498  "Chapt34_000.pdf"
chapte~1.pdf  Sep 13 2009      863612  "Chapter 43-Meas Inst.pdf"
coverl~1.doc  Sep 27 2009       26112  "Cover letter.doc"
dcvolt~1.pdf  Sep 13 2009      128774  "DCVoltage.pdf"
dc_mac~1.pdf  Sep 13 2009      699256  "DC_Machines.pdf"
demand~1.pdf  Sep 13 2009      181886  "Demand and Energy Management Calculations.pdf"
EDATAS~1      Oct  2 2009              "eDatasecurity"
et0d62~1      Aug 26 2009        1024  "etilqs_zWHc1e2bqkYCIsvmscFe"
et0e5a~1      Aug 28 2009           0  "etilqs_I5sEkCYfmZx4Hvvn7PvF"
et0f99~1      Aug  8 2009           0  "etilqs_LOWVnoyTxlfUmlEEgYjN"
et14b4~1      Jul 28 2009           0  "etilqs_sXpSu6UzSlFcOoE8E4V9"
et1ec6~1      Aug 13 2009           0  "etilqs_fUfaiMeS2OOLCH8fKOLy"
et1f0e~1      Jul 29 2009         516  "etilqs_1gzsiZZmMiBFrP2o6FX8"
et21a2~1      Aug 24 2009           0  "etilqs_OmwsDQeC2j8aUcOn7vU9"
et23ab~1      Aug 13 2009           0  "etilqs_AsRB0o3akFJ4PE5oNnbb"
et2434~1      Jul 10 2009        1024  "etilqs_caFtkKAThZ1IReNUPiBB"
et261c~1      Aug 26 2009        1544  "etilqs_UC2jXhQOqJzsZLxU8tcY"
et293e~1      Jul 31 2009           0  "etilqs_hsIgqXawgClDVflfImes"
et4958~1      Sep  6 2009        1024  "etilqs_LRI8CopsYDLj8fa3v4Oq"
et5d45~1      Sep 26 2009           0  "etilqs_3VUIulGL8vqi7Pn0yEiN"
et7341~1      Jul 24 2009       28704  "etilqs_dF1U1PZkpZJYsdvCCGpK"
et763b~1      Sep  6 2009        1544  "etilqs_y8qvsI6zcMizOM9iAGBi"
et7c24~1      Aug  5 2009        1024  "etilqs_8JJSmtCyidswTGKWJgyT"
et8105~1      Jul 23 2009       28704  "etilqs_1RTvWr57R8fqpIFMxDNf"
et83b7~1      Aug 10 2009           0  "etilqs_fc3EWohuBJ7It5tQWoah"
et895f~1      Sep  2 2009           0  "etilqs_wfek620g6395hKNoTI4w"
et8c87~1      Oct  2 2009           0  "etilqs_VKyz1oKrfs5emERoC9Jb"
et964a~1      Sep  8 2009           0  "etilqs_ptfDMgD6WlVuwj1RsXl9"
et967a~1      Aug 16 2009           0  "etilqs_dc58ImPHMEXOqyLVyfTW"
et9742~1      Aug 20 2009           0  "etilqs_0FVQq1xJjgTAvGl0seYC"
et9d51~1      Jul 10 2009        1544  "etilqs_X0xMiXM430XAvY2jv0JA"
eta350~1      Aug  5 2009        1544  "etilqs_n84oNwhprSGkYlgpYt8I"
eta673~1      Jul 15 2009       28704  "etilqs_5jbr6OkUF5WYquDfuF0y"
etad39~1      Jul 29 2009           0  "etilqs_CbbbGvcf902F77xRCoYW"
etc73c~1      Jul 15 2009       28704  "etilqs_4ht4czhmTlDBcgQKNYhV"
etcf0b~1      Jul  8 2009       36900  "etilqs_qbfHQcwNHpeXYrswidCz"
etd45d~1      Sep 11 2009           0  "etilqs_zgwClT2e2jpf4snwIJeY"
etd588~1      Sep  9 2009           0  "etilqs_PgcS0mHeT3ryPvngPYIu"
etdbec~1      Aug  4 2009           0  "etilqs_oKd52jZzjgsvD29yhQfx"
etde72~1      Aug  8 2009         516  "etilqs_eJjTqsGVg665narHiOft"
etdfaa~1      Aug  8 2009           0  "etilqs_fD0pYyYsduPYL5UFlDl1"
ete94d~1      Jul 18 2009       36900  "etilqs_o841heGbF39p9C4h3Pyz"
etea6c~1      Jul 19 2009       28704  "etilqs_5AUj0vdErkiNwgczYGWm"
etf11a~1      Aug 19 2009           0  "etilqs_O6vdsGcK7taJReiP1xeF"
etf567~1      Jul 16 2009       12304  "etilqs_mYbQGIgKzd5fYQgrDIW1"
etfc29~1      Aug  8 2009           0  "etilqs_QrHwhlqlUcNai5jmBvlh"
etfd98~1      Aug 29 2009           0  "etilqs_IBo6Aenay0JuGySwh1XR"
flyerc~1.png  Sep 13 2009       90331  "FLYER copy56.png"
homewo~1.doc  Sep 13 2009       83456  "Homework.Professional_Engineeing_Institute.doc"
image005.jpg  Sep 13 2009       83481  "image005.jpg"
inourt~1.ram  Sep 16 2009         156  "inourtime_20070517.ram"
inv_23~1.pdf  Jul 12 2009       67605  "Inv_2345_from_Irvine_Instit.pdf"
inv_23~2.pdf  Jul 15 2009       71142  "Inv_2344_from_Irvine_Instit.pdf"
is3741~1.doc  Sep 18 2009      246784  "IS 3741_BLOG ENTRY 1 revised FINAL.doc"
lightn~1.pdf  Sep 13 2009      903619  "Lightning.pdf"
linear~1.pdf  Sep 13 2009      760252  "LinearCirAnalysis.pdf"
math_p~1.pdf  Sep 13 2009     1031451  "MATH_Part1.pdf"
math_p~2.pdf  Sep 13 2009     1113249  "MATH_Part2.pdf"
math_p~3.pdf  Sep 13 2009      258100  "MATH_Part3.pdf"
nec_re~1.pdf  Sep 13 2009      779433  "NEC_Review.pdf"
resume-2.doc  Aug  1 2009       40448  "RESUME-2.doc"
resume-3.doc  Sep 27 2009       30208  "Resume-3.doc"
resume~1.doc  Aug  1 2009       15038  "Resume Coverletter.docx"
short_~1.pdf  Sep 13 2009      768822  "Short_Circuit.pdf"
transf~1.pdf  Aug  8 2009      690774  "Transformers.pdf"
transf~2.pdf  Aug  8 2009      690774  "Transformers-1.pdf"
transf~3.pdf  Sep 13 2009      690774  "Transformers-2.pdf"
transf~4.pdf  Sep 13 2009      690774  "Transformers-3.pdf"
transl~1.pdf  Sep 13 2009      976164  "TransLines.pdf"
~df54ac.tmp   Oct  2 2009         512  "~DF54AC.tmp"

76 items found:  75 files (40 H/S), 1 directory.
  Total of file sizes:  19,610,438 bytes     18.70 M

    --------------------------------------------------------------------------
           Items in Templates Folder: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Users\MeEiLaH\AppData\Roaming\Microsoft\Windows\Templates 

No matches found.

--------------------------------------------------------------------------
           Items in Program Files: 
--------------------------------------------------------------------------

   Locating all files created in C:\Program Files\ within the last 90 days. 

"C:\Program Files\"
A-SQUA~1      Oct  2 2009              "a-squared Free"
A-SQUA~2      Oct  2 2009              "a-squared HiJackFree"
A-SQUA~1      Oct  2 2009              "a-squared Free"
A-SQUA~2      Oct  2 2009              "a-squared HiJackFree"
EXPLOR~1      Oct  2 2009              "ExplorerXP"
MI2020~1      Jul 30 2009              "Microsoft Silverlight"
OBJECT~1      Sep 13 2009              "Object Fix Zip"
WINDOW~1      Oct  2 2009              "Windows Mail"

8 items found:  0 files, 8 directories.

   Locating all files created in C:\Program Files\Common Files\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days. 

No matches found.

--------------------------------------------------------------------------
           Items in the Windows Directory: 
--------------------------------------------------------------------------

    Locating all files created in C:\Windows\ within the last 90 days.  

"C:\Windows\"
bootstat.dat  Oct  1 2009       67584  "bootstat.dat"
ocsetu~2.dpx  Aug 15 2009       65536  "ocsetup_cbs_install_NetFx3.dpx"
ocsetu~2.etl  Aug 15 2009    43712512  "ocsetup_install_NetFx3.etl"
ocsetu~2.per  Aug 15 2009      131072  "ocsetup_cbs_install_NetFx3.perf"
window~1.log  Oct  1 2009     1235909  "WindowsUpdate.log"

5 items found:  5 files (1 H/S), 0 directories.
  Total of file sizes:  45,212,613 bytes     43.12 M

    --------------------------------------------------------------------------
           C:\Windows\Downloaded Program Files: 
    --------------------------------------------------------------------------

    Locating all files created in C:\Windows\Downloaded Program Files\ within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\Windows\system: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Windows\system within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\Windows\system32: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Windows\system32 within the last 90 days.  

"C:\Windows\System32\"
7b296f~1.c74  Oct  2 2009        3072  "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
7b296f~1.c74  Oct  2 2009        3072  "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
7b296f~2.c74  Oct  2 2009        3072  "7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"
admparse.dll  Jul 18 2009       72704  "admparse.dll"
advpack.dll   Jul 18 2009      124928  "advpack.dll"
amcompat.tlb  Jul 14 2009       18432  "amcompat.tlb"
apphlpdm.dll  Aug 28 2009       28672  "Apphlpdm.dll"
arp.exe       Aug 14 2009       19968  "ARP.EXE"
atl.dll       Jul 17 2009       71680  "atl.dll"
dxmasf.dll    Jul 14 2009        4096  "dxmasf.dll"
dxtmsft.dll   Jul 18 2009      347136  "dxtmsft.dll"
dxtrans.dll   Jul 18 2009      214528  "dxtrans.dll"
finger.exe    Aug 14 2009       10240  "finger.exe"
fntcache.dat  Jul 15 2009      371376  "FNTCACHE.DAT"
gameux.dll    Aug 28 2009     1686528  "gameux.dll"
hostname.exe  Aug 14 2009        8704  "HOSTNAME.EXE"
html.iec      Jul 18 2009      389120  "html.iec"
icardie.dll   Jul 18 2009       63488  "icardie.dll"
ie4uinit.exe  Jul 18 2009       70656  "ie4uinit.exe"
ieaksie.dll   Jul 18 2009      230400  "ieaksie.dll"
ieakui.dll    Jul 18 2009      161792  "ieakui.dll"
ieapfltr.dll  Jul 18 2009      380928  "ieapfltr.dll"
iedkcs32.dll  Jul 18 2009      385024  "iedkcs32.dll"
ieencode.dll  Jul 18 2009       78336  "ieencode.dll"
ieframe.dll   Jul 18 2009     6067200  "ieframe.dll"
iernonce.dll  Jul 18 2009       44544  "iernonce.dll"
iertutil.dll  Jul 18 2009      268288  "iertutil.dll"
iesetup.dll   Jul 18 2009       56320  "iesetup.dll"
ieui.dll      Jul 18 2009      180736  "ieui.dll"
ieunatt.exe   Jul 18 2009       26624  "ieUnatt.exe"
inetcpl.cpl   Jul 18 2009     1830912  "inetcpl.cpl"
jsproxy.dll   Jul 18 2009       27648  "jsproxy.dll"
l2sechc.dll   Jul 11 2009      123904  "L2SecHC.dll"
mrinfo.exe    Aug 14 2009       11264  "MRINFO.EXE"
msdxm.ocx     Jul 14 2009        4096  "msdxm.ocx"
msdxm.tlb     Jul 14 2009       43520  "msdxm.tlb"
msfeeds.dll   Jul 18 2009      459264  "msfeeds.dll"
mshtml.dll    Jul 18 2009     3597824  "mshtml.dll"
mshtml.tlb    Jul 18 2009     1383424  "mshtml.tlb"
mshtmled.dll  Jul 18 2009      477696  "mshtmled.dll"
mshtmler.dll  Jul 18 2009       48128  "mshtmler.dll"
mstime.dll    Jul 18 2009      671232  "mstime.dll"
netevent.dll  Aug 14 2009       15360  "netevent.dll"
netiohlp.dll  Aug 14 2009      103936  "netiohlp.dll"
netiougc.exe  Aug 14 2009       22016  "netiougc.exe"
netstat.exe   Aug 14 2009       27136  "NETSTAT.EXE"
occache.dll   Jul 18 2009      102912  "occache.dll"
perfc009.dat  Sep 26 2009      104024  "perfc009.dat"
perfh009.dat  Sep 26 2009      618648  "perfh009.dat"
perfst~1.ini  Sep 26 2009      716948  "PerfStringBackup.INI"
pngfilt.dll   Jul 18 2009       44544  "pngfilt.dll"
route.exe     Aug 14 2009       17920  "ROUTE.EXE"
spwmp.dll     Jul 14 2009        7680  "spwmp.dll"
tcpipcfg.dll  Aug 14 2009      167424  "tcpipcfg.dll"
tcpsvcs.exe   Aug 14 2009        9728  "TCPSVCS.EXE"
urlmon.dll    Jul 18 2009     1159680  "urlmon.dll"
wininet.dll   Jul 18 2009      827392  "wininet.dll"
wlan.tmf      Jul 11 2009     1657350  "wlan.tmf"
wlanapi.dll   Jul 11 2009       47104  "wlanapi.dll"
wlanhlp.dll   Jul 11 2009       67584  "wlanhlp.dll"
wlanmsm.dll   Jul 11 2009      290816  "wlanmsm.dll"
wlansec.dll   Jul 11 2009      297984  "wlansec.dll"
wlansvc.dll   Jul 11 2009      502272  "wlansvc.dll"
wmp.dll       Jul 14 2009    10621952  "wmp.dll"
wmpdxm.dll    Jul 14 2009      313344  "wmpdxm.dll"
wmploc.dll    Jul 14 2009     8147968  "wmploc.DLL"
wuapp.exe     Aug  6 2009       33792  "wuapp.exe"
wuauclt.exe   Aug  6 2009       53472  "wuauclt.exe"
wuaueng.dll   Aug  6 2009     1929952  "wuaueng.dll"
wucltux.dll   Aug  6 2009     2421760  "wucltux.dll"
wups2.dll     Aug  6 2009       44768  "wups2.dll"
wuwebv.dll    Aug  6 2009      171608  "wuwebv.dll"

72 items found:  72 files (3 H/S), 0 directories.
  Total of file sizes:  50,617,650 bytes     48.27 M

    --------------------------------------------------------------------------
           C:\Windows\system32\com: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Windows\system32\com within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\Windows\system32\drivers: 
    --------------------------------------------------------------------------

    Locating all files created in C:\Windows\system32\drivers within the last 90 days.  

"C:\Windows\System32\drivers\"
netio.sys     Aug 14 2009      213592  "netio.sys"
tcpip.sys     Aug 14 2009      813568  "tcpip.sys"

2 items found:  2 files, 0 directories.
  Total of file sizes:  1,027,160 bytes  1,003.09 K

    --------------------------------------------------------------------------
           C:\Windows\system32\drivers\etc: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Windows\system32\drivers\etc within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\Windows\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Windows\TEMP within the last 90 days.  

No matches found.

************************************************************************************  

Checking for .COM files to Delete. They will only print if deleted! 

   Locating .COM files in the C:\Windows\System32 folder 

"C:\Windows\System32\"
chcp.com      Nov  2 2006       11776  "chcp.com"
command.com   Nov  2 2006       50648  "COMMAND.COM"
diskcomp.com  Nov  2 2006       13824  "diskcomp.com"
diskcopy.com  Nov  2 2006       11264  "diskcopy.com"
edit.com      Sep 18 2006       69886  "edit.com"
format.com    Nov  2 2006       35328  "format.com"
graftabl.com  Nov  2 2006       56320  "graftabl.com"
graphics.com  Nov  2 2006       19694  "GRAPHICS.COM"
kb16.com      Nov  2 2006       14710  "KB16.COM"
loadfix.com   Nov  2 2006        1131  "LOADFIX.COM"
mode.com      Nov  2 2006       25088  "mode.com"
more.com      Nov  2 2006       20992  "more.com"
tree.com      Nov  2 2006       16384  "tree.com"
win.com       Nov  2 2006        6656  "win.com"

14 items found:  14 files, 0 directories.
  Total of file sizes:  353,701 bytes    345.41 K

************************************************************************************  

Miscellaneous Malware Detections: 
------------------------------------------------------------------------------------  


   **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****  

   **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   

   **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****  

   **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****  

   **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****  

   **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****  

   **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****  

   **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****  

   **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****  

   **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****  

   **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****  

   **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****  

   **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****  

   **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****  

   **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****  

   **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****  

   **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****  

   **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****  

   **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****  

   **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****  

   **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****  

   **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****  

   **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****  

   **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****  

   **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****  

   **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****  

   **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****  

   **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****  

   **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****  

   **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****  

   **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****  

   **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****  

   **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****  

   **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****  

   **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****  

   **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****  

   **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****  

   **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****  

   **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****  

   **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****  

   **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****  

   **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****  

   **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****  

   **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****  

   **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****  

   **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****  

   **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****  

   **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****  

   **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****  

   **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****  

   **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****  

   **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****  

   **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****  

   **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****  

   **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****  

   **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****  

   **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****  

   **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****  

   **** W32/Almanahe.a Worm NOT FOUND by this tool! **** 

   **** msctl32.dll SpamBot NOT FOUND by this tool! **** 

   **** KeyLogger NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR BOT-TYPE WORMS: 
--------------------------------------------------------------------------

   **** W32/Sdbot Worm NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: 
--------------------------------------------------------------------------

   **** i386p.* Stealthing Agent NOT FOUND by this tool! **** 

   **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** 

   **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** 

   **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
       CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: 
--------------------------------------------------------------------------

   **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****  

   **** CmdService adware NOT FOUND by this tool! ****  

   **** Network_Monitor adware NOT FOUND by this tool! ****  

   **** Trojan.Peacomm NOT FOUND by this tool! ****  

   **** Trojan.Peacomm windev NOT FOUND by this tool! ****  

   **** AVPE Haxdoor NOT FOUND by this tool! ****  

   **** MEMLOW Haxdoor NOT FOUND by this tool! ****  

   **** VDMT Haxdoor NOT FOUND by this tool! ****  

   **** YCSVGA Haxdoor NOT FOUND by this tool! ****  

   **** PPTP Haxdoor FOUND by this tool! **** 
        CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport 
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
  LocDescription	REG_SZ         	@netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
  AllowPPTPWeakCrypto	REG_DWORD      	0 (0x0)
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
HKEY_LOCAL_MACHINE\system\ControlSet003\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
  LocDescription	REG_SZ         	@netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
  AllowPPTPWeakCrypto	REG_DWORD      	0 (0x0)
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper
  LocDescription	REG_SZ         	@netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol
  AllowPPTPWeakCrypto	REG_DWORD      	0 (0x0)
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  DisableStatefulPPTP	REG_DWORD      	0 (0x0)
  RRAS-PPTP-In-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|
  RRAS-PPTP-Out-TCP	REG_SZ         	v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

   **** DVB Haxdoor  NOT FOUND by this tool! ****  

   **** YVBB Haxdoor NOT FOUND by this tool! ****  

   **** YVPP Haxdoor NOT FOUND by this tool! ****  

   **** NKGFS Haxdoor NOT FOUND by this tool! ****  

   **** XMSK Haxdoor NOT FOUND by this tool! ****  

   **** AVPX Haxdoor NOT FOUND by this tool! ****  

   **** MMXF Haxdoor NOT FOUND by this tool! ****  

   **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****  

   **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****  

   **** I386P Rootkit Driver NOT FOUND by this tool! ****  

   **** ERSSDD Rootkit NOT FOUND by this tool! ****  

   **** GencTurK RootKit NOT FOUND by this tool! ****  

   **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****  

   **** W32/Almanahe.sys NOT FOUND by this tool! ****  

************************************************************************************  

Dumping HKLM Uninstall Programs list 

  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	2007 Microsoft Office Suite Service Pack 1 (SP1)
  DisplayName	REG_SZ         	a-squared Free 4.5
  DisplayName	REG_SZ         	a-squared HiJackFree 3.1
  DisplayName	REG_SZ         	Acer Arcade
  DisplayName	REG_SZ         	Acer Assist
  DisplayName	REG_SZ         	Acer eDataSecurity Management
  DisplayName	REG_SZ         	Acer eLock Management
  DisplayName	REG_SZ         	Acer Empowering Technology
  DisplayName	REG_SZ         	Acer eNet Management
  DisplayName	REG_SZ         	Acer ePower Management
  DisplayName	REG_SZ         	Acer ePresentation Management
  DisplayName	REG_SZ         	Acer eSettings Management
  DisplayName	REG_SZ         	Acer GridVista
  DisplayName	REG_SZ         	Acer Mobility Center Plug-In
  DisplayName	REG_SZ         	Acer Registration
  DisplayName	REG_SZ         	Acer ScreenSaver
  DisplayName	REG_SZ         	Acer Tour
  DisplayName	REG_SZ         	Adobe Flash Player 10 ActiveX
  DisplayName	REG_SZ         	Adobe Flash Player Plugin
  DisplayName	REG_SZ         	Adobe Photoshop 7.0
  DisplayName	REG_SZ         	Adobe Reader 7.1.0
  DisplayName	REG_SZ         	Agere Systems HDA Modem
  DisplayName	REG_SZ         	AIM 6
  DisplayName	REG_SZ         	AIM Toolbar 5.0
  DisplayName	REG_SZ         	AppCore
  DisplayName	REG_SZ         	Apple Mobile Device Support
  DisplayName	REG_SZ         	Apple Software Update
  DisplayName	REG_SZ         	Ares Tube 3.0
  DisplayName	REG_SZ         	Autodesk Student Community Download Tool
  DisplayName	REG_SZ         	AV
  DisplayName	REG_SZ         	AVS Update Manager 1.0
  DisplayName	REG_SZ         	AVS Video Converter 6
  DisplayName	REG_SZ         	AVS4YOU Software Navigator 1.3
  DisplayName	REG_SZ         	BitTorrent 5.0.7
  DisplayName	REG_SZ         	Bonjour
  DisplayName	REG_SZ         	ccCommon
  DisplayName	REG_SZ         	DivX Web Player
  DisplayName	REG_SZ         	doPDF 6.2  printer
  DisplayName	REG_SZ         	Dynex 1.3MP Webcam Driver (1.00.03.0000)
  DisplayName	REG_SZ         	Dynex Webcam User's Guide
  DisplayName	REG_SZ         	ExplorerXP (remove only)
  DisplayName	REG_SZ         	Google Earth
  DisplayName	REG_SZ         	Google SketchUp 6
  DisplayName	REG_SZ         	Google SketchUp 6
  DisplayName	REG_SZ         	Google Toolbar for Internet Explorer
  DisplayName	REG_SZ         	Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
  DisplayName	REG_SZ         	Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
  DisplayName	REG_SZ         	Intel(R) Graphics Media Accelerator Driver
  DisplayName	REG_SZ         	iPod for Windows 2005-03-23
  DisplayName	REG_SZ         	iPod for Windows 2005-03-23
  DisplayName	REG_SZ         	iTunes
  DisplayName	REG_SZ         	Java(TM) SE Runtime Environment 6 Update 1
  DisplayName	REG_SZ         	Launch Manager
  DisplayName	REG_SZ         	LightScribe  1.4.136.1
  DisplayName	REG_SZ         	LimeWire 4.16.6
  DisplayName	REG_SZ         	Live! Cam Center
  DisplayName	REG_SZ         	LiveUpdate 3.2 (Symantec Corporation)
  DisplayName	REG_SZ         	LiveUpdate Notice (Symantec Corporation)
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  DisplayName	REG_SZ         	Microsoft Office Access MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Access Setup Metadata MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  DisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  DisplayName	REG_SZ         	Microsoft Office Excel MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Groove MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Groove Setup Metadata MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office InfoPath MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office OneNote MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Outlook MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office PowerPoint MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (French) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (Spanish) 2007
  DisplayName	REG_SZ         	Microsoft Office Proofing (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Publisher MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Shared MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Shared Setup Metadata MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Word MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Silverlight
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	MobileMe Control Panel
  DisplayName	REG_SZ         	Mozilla Firefox (3.0.14)
  DisplayName	REG_SZ         	MSRedist
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB927978)
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB936181)
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB941833)
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB954430)
  DisplayName	REG_SZ         	MyPDFCreator
  DisplayName	REG_SZ         	MySpaceIM
  DisplayName	REG_SZ         	Norton AntiVirus
  DisplayName	REG_SZ         	Norton Confidential Browser Component
  DisplayName	REG_SZ         	Norton Confidential Web Protection Component
  DisplayName	REG_SZ         	Norton Internet Security
  DisplayName	REG_SZ         	Norton Internet Security
  DisplayName	REG_SZ         	Norton Internet Security
  DisplayName	REG_SZ         	Norton Internet Security
  DisplayName	REG_SZ         	Norton Internet Security (Symantec Corporation)
  DisplayName	REG_SZ         	Norton Protection Center
  DisplayName	REG_SZ         	NTI Backup NOW! 4.7
  DisplayName	REG_SZ         	NTI CD & DVD-Maker
  DisplayName	REG_SZ         	NTI CD & DVD-Maker
  DisplayName	REG_SZ         	Object Fix Zip
  DisplayName	REG_SZ         	Picasa 2
  DisplayName	REG_SZ         	PLAYSTATION(R)Network Downloader
  DisplayName	REG_SZ         	QuickTime
  DisplayName	REG_SZ         	Realtek High Definition Audio Driver
  DisplayName	REG_SZ         	Security Update for 2007 Microsoft Office System (KB951550)
  DisplayName	REG_SZ         	Security Update for 2007 Microsoft Office System (KB951944)
  DisplayName	REG_SZ         	Security Update for 2007 Microsoft Office System (KB969559)
  DisplayName	REG_SZ         	Security Update for 2007 Microsoft Office System (KB969679)
  DisplayName	REG_SZ         	Security Update for CAPICOM (KB931906)
  DisplayName	REG_SZ         	Security Update for CAPICOM (KB931906)
  DisplayName	REG_SZ         	Security Update for Microsoft Office Excel 2007 (KB969682)
  DisplayName	REG_SZ         	Security Update for Microsoft Office OneNote 2007 (KB950130)
  DisplayName	REG_SZ         	Security Update for Microsoft Office PowerPoint 2007 (KB957789)
  DisplayName	REG_SZ         	Security Update for Microsoft Office Publisher 2007 (KB969693)
  DisplayName	REG_SZ         	Security Update for Microsoft Office system 2007 (KB954326)
  DisplayName	REG_SZ         	Security Update for Microsoft Office system 2007 (KB969613)
  DisplayName	REG_SZ         	Security Update for Microsoft Office Word 2007 (KB969604)
  DisplayName	REG_SZ         	Security Update for Visio 2007 (KB947590)
  DisplayName	REG_SZ         	SPBBC 32bit
  DisplayName	REG_SZ         	Symantec Real Time Storage Protection Component
  DisplayName	REG_SZ         	SymNet
  DisplayName	REG_SZ         	Synaptics Pointing Device Driver
  DisplayName	REG_SZ         	Texas Instruments PCIxx21/x515/xx12 drivers.
  DisplayName	REG_SZ         	TIPCI
  DisplayName	REG_SZ         	Update for 2007 Microsoft Office System (KB967642)
  DisplayName	REG_SZ         	Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
  DisplayName	REG_SZ         	Update for Microsoft Office 2007 Help for Common Features (KB963673)
  DisplayName	REG_SZ         	Update for Microsoft Office Access 2007 Help (KB963663)
  DisplayName	REG_SZ         	Update for Microsoft Office Excel 2007 Help (KB963678)
  DisplayName	REG_SZ         	Update for Microsoft Office Infopath 2007 Help (KB963662)
  DisplayName	REG_SZ         	Update for Microsoft Office OneNote 2007 Help (KB963670)
  DisplayName	REG_SZ         	Update for Microsoft Office Outlook 2007 (KB969907)
  DisplayName	REG_SZ         	Update for Microsoft Office Outlook 2007 Help (KB963677)
  DisplayName	REG_SZ         	Update for Microsoft Office Powerpoint 2007 Help (KB963669)
  DisplayName	REG_SZ         	Update for Microsoft Office Publisher 2007 Help (KB963667)
  DisplayName	REG_SZ         	Update for Microsoft Office Script Editor Help (KB963671)
  DisplayName	REG_SZ         	Update for Microsoft Office Word 2007 Help (KB963665)
  DisplayName	REG_SZ         	Update for Outlook 2007 Junk Email Filter (kb973514)
  DisplayName	REG_SZ         	VideoLAN VLC media player 0.8.6b
  DisplayName	REG_SZ         	Viewpoint Media Player
  DisplayName	REG_SZ         	Windows Media Player Firefox Plugin
  DisplayName	REG_SZ         	WinZip 11.1
  DisplayName	REG_SZ         	Xvid 1.1.3 final uninstall
  DisplayName	REG_SZ         	Yahoo! Browser Services
  DisplayName	REG_SZ         	Yahoo! IE Search Suggest
  DisplayName	REG_SZ         	Yahoo! Install Manager
  DisplayName	REG_SZ         	Yahoo! Internet Mail
  DisplayName	REG_SZ         	Yahoo! Messenger
  DisplayName	REG_SZ         	Yahoo! Toolbar
  DisplayName	REG_SZ         	Yahoo! Toolbar
  ParentDisplayName	REG_SZ         	CAPICOM
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007
  ParentDisplayName	REG_SZ         	Microsoft Office Enterprise 2007


#####################################################################################################


  -- All DONE! 

  ~ ShadowPuterDude

Logfile of HiJackFree v3.0

Scan saved at 11:30:30 PM, on 10/2/2009

Platform: Windows Vista32 (Windows NT 6.0.6000)

MSIE: Internet Explorer v 7.0 (7.0.6000.16890)

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\System32\csrss.exe

C:\Windows\System32\wininit.exe

C:\Windows\System32\csrss.exe

C:\Windows\System32\winlogon.exe

C:\Windows\System32\services.exe

C:\Windows\System32\lsass.exe

C:\Windows\System32\lsm.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\SLsvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\dwm.exe

C:\Windows\explorer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\V0500Mon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Users\MeEiLaH\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\System32\igfxext.exe

C:\Windows\System32\igfxsrvc.exe

C:\Windows\System32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\System32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\SearchIndexer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Windows\System32\taskeng.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Windows\System32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Windows\System32\taskeng.exe

C:\Windows\System32\wuauclt.exe

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Acer Tour]

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [setPanel]

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [eRecoveryService]

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKLM\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKLM\..\Run: [inixs] C:\Windows\system32\minix32.exe

O7 - Regedit - Enabled

O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - c:\program files\aol\aim toolbar 5.0\resources\en-US\aoltbres.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\icons\services.ico,0

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBAR.ICO

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: C:\Windows\system32\wpclsp.dll

O14 - IERESET.INF: SearchAssistant=

O14 - IERESET.INF: CustomizeSearch=

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: igfxcui - igfxdev.dll

O21 - ShellServiceObjectDelayLoad: WebCheck -

O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll

O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe

O23 - Service: Agere Modem Call Progress Audio - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe

O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe

O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe

O23 - Service: Automatic LiveUpdate Scheduler - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe

O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe

O23 - Service: Symantec Event Manager - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe

O23 - Service: CyberLink Background Capture Service (CBCS) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

O23 - Service: CyberLink Task Scheduler (CTS) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe

O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe

O23 - Service: CyberLink Media Library Service - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: DFSR - C:\Windows\system32\DFSR.exe

O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe

O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe

O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe

O23 - Service: eDataSecurity Service - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: ReadyBoost Service - C:\Windows\system32\svchost.exe

O23 - Service: eNet Service - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe

O23 - Service: EventSystem - C:\Windows\system32\svchost.exe

O23 - Service: WS Discovery Service - C:\Windows\system32\svchost.exe

O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

O23 - Service: Google Updater Service - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HID Service - C:\Windows\system32\svchost.exe

O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe

O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IKE extension - C:\Windows\system32\svchost.exe

O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe

O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. - C:\Windows\System32\svchost.exe

O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Infrared Monitor - C:\Windows\system32\svchost.exe

O23 - Service: Symantec IS Password Validation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: KeyIso - C:\Windows\system32\lsass.exe

O23 - Service: KtmRm - C:\Windows\System32\svchost.exe

O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe

O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Office Groove Audit Service - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: MobilityService - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe

O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe

O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe

O23 - Service: Windows® Installer International Messages - C:\Windows\system32\msiexec

O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe

O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe

O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe

O23 - Service: Network Profile Management UI - C:\Windows\System32\svchost.exe

O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe

O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe

O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe

O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe

O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe

O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe

O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe

O23 - Service: Remote Access AutoDial Manager - C:\Windows\system32\svchost.exe

O23 - Service: Remote Access Connection Manager - C:\Windows\system32\svchost.exe

O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe

O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe

O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft® Windows Backup Service - C:\Windows\system32\svchost.exe

O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe

O23 - Service: Terminal Services Configuration service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe

O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft Software Licensing Service - C:\Windows\system32\SLsvc.exe

O23 - Service: Software Licensing UI Notification Service - C:\Windows\system32\svchost.exe

O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe

O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft® Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe

O23 - Service: Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft® Windows Telephony Server - C:\Windows\System32\svchost.exe

O23 - Service: TBS Service - C:\Windows\System32\svchost.exe

O23 - Service: Terminal Server Remote Connections Manager - C:\Windows\System32\svchost.exe

O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe

O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe

O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe

O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe

O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe

O23 - Service: Viewpoint Manager Service - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Microsoft® Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe

O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe

O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe

O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe

O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe

O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe

O23 - Service: Resource Module - C:\Windows\System32\svchost.exe

O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe

O23 - Service: WMI - C:\Windows\system32\svchost.exe

O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe

O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: ePower Service - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: Windows Media Player Network Sharing Service - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe

O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe

O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe

O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe

[/code]

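A small triage pass over the HiJackFree log format posted above, added here as an example (it is not part of the original thread or of a-squared's own tooling). The sample lines are excerpted from the log above; the function names and the three heuristics are assumptions chosen for illustration, and a hit means "read this line by hand", not a verdict.

```python
import re

# Sample input: a few lines excerpted from the HiJackFree log posted above.
SAMPLE_LOG = r"""Logfile of HiJackFree v3.0
Running processes:
C:\Windows\System32\svchost.exe
C:\Users\MeEiLaH\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Acer Tour]
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe
"""

# "O4 - <rest>" style entries: section code, then the entry body.
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# O4 body: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Program part of an unquoted command line (paths may contain spaces).
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd))(?=\s|$)", re.IGNORECASE)
# A path component named Temp or Tmp.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Split a log into running-process paths and {section: [entry bodies]}."""
    processes, entries, in_processes = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def executable_of(command):
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(text):
    """Return (section, reason, detail) tuples for lines worth a manual look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # Heuristic 1 (assumption): installed software rarely runs from Temp.
        if TEMP_RE.search(path):
            findings.append(("process", "image runs from a temp directory", path))
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd").strip()
        if not cmd:
            # Heuristic 2: leftover autorun value with nothing to launch.
            findings.append(("O4", "autorun value has no command", name))
            continue
        exe = executable_of(cmd)
        if "\\" not in exe:
            # Heuristic 3: bare file name, resolved through the search path.
            findings.append(("O4", "autorun command has no directory", f"{name} -> {exe}"))
        elif TEMP_RE.search(exe):
            findings.append(("O4", "autorun points into a temp directory", f"{name} -> {exe}"))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {detail}")
```

Legitimate vendor software also trips heuristics 2 and 3, so every hit still has to be checked against what is actually installed on the machine.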

Hi dont click the exe

Welcome to the forum

Your log files show that you are using keygens /cracks / illegal Software

As you read in the instruction http://forum.emsisof...?g=posts&t=1930

there is a special clause about using illegal Software

You must uninstall / remove all illegal Software before posting reports, otherwise you will not be assisted by malware fighter.

After that update a-squared, rescan and repost all log files into this thread.

My regards


"

Hi dont click the exe

Welcome to the forum

Your log files show that you are using keygens /cracks / illegal Software

As you read in the instruction http://forum.emsisof...?g=posts&t=1930

there is a special clause about using illegal Software

You must uninstall / remove all illegal Software before posting reports, otherwise you will not be assisted by malware fighter."

To Whom It May Concern:

Thanks for the expeditious response. Please be advised that this computer doesn't have any keygen/cracks/illegal software. Please confirm what is specifically illegal/a crack/or a keygen on this computer. Just because a file is named "keygen" doesn't mean it actually is a keygen. Judgement shouldn't be passed based simply on a malicious .exe file name. trojan writers can name .exe files containing dangerous trojans "pirated illegal cam copy of best movie from hollywood", and configure that file to be impossible to delete. but should that file, by virtue of its name, be deemed illegal? a specific file name doesn't make a file illegal, last time i checked.

this .exe i clicked is pretty malicious as whoever created it likely knew that if they name it with an "illegal sounding name", that no forum support would be provided to help delete it; thus the trojan will continue to operate. Thus the .exe with a malicious sounding file name will live on!

i was put into a bit of a catch22. what a great way to start the weekend. your policy clause about 'illegal software/crack/keygen' is well intentioned, but is weak, as it seems you are deeming malicious trojan-containing .exe files as illegal by virtue of its name. i don't think this is valid. one can name any file with an 'illegal sounding name' but does that make the file automatically illegal? just because a .jpg file of an elephant is called "picture of a duck" doesn't make the file a picture of a duck.

malicious hackers/trojan writers! policies with well-intentioned clauses that deem the user guilty by virtue of a file name!

humbug.

is there nothing else you can suggest? is this computer stuck forever with the trojan and its un-erasable parent .exe source file because the source file has the word "keygen" in it?

please advise, and thank you for your time.


dont click the exe,

Rules are rules and as I pointed out - malware fighter will decide.

..."keygen" doesn't mean it actually is a keygen. Judgement shouldn't be passed based simply on a malicious .exe file name

Nobody is judging just by the file names.

The flagged file is in your report

C:\Users\MeEiLaH\Desktop\Jamilla\Keygen.Rhinoceros.4.0.SR4.exe

Rhinoceros 3d Modelling is a known Software Package. Current version is 4

The said keygen (under that particular name) is available for download from many file sharing sites.

The file must be removed and if there is a patched Software installed that has to be uninstalled.

Other than that please wait for the response from ShadowPuterDude

My regards


Keygen.Rhinoceros.4.0.SR4.exe is a keygen, it's that simple.

-----------------------------------------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.

-----------------------------------------------------------

Post fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free
  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


thank you for your response and assistance.

i came across some trouble that i hope you can help with.

i've downloaded and installed combofix.exe.. as described in the combofix installation instructions, during installation, combofix said that it detected antivirus software running in the background, and that it should disabled to avoid conflicts.

i didn't realize that the norton (expired software which came with the pc) was running; as I didn't see it on the task manager. with the Combofix warning window still open (describing that continuing with combofix installation while other antivirus software is running is discouraged), and finding no other way to turn off/disable the expired norton software, I used control panel/add delete programs to uninstall the norton software. during norton uninstall, it said that some files were quarantined, and "do you want to delete these quarantined files". i clicked yes. (i think now that i shouldve said "no"). if i remember correctly, after norton uninstall, the pc automatically rebooted.

got back to desktop, and executed the combofix.exe. combofix installed (but didn't ask for windows recovery console" installation as far as i know. i came back to my after clicking the exe file expecting to see a window prompt regarding the windows recovery console installation, but didn't see anything). and produced a log, saved at default location.

i remember the computer rebooting. upon reboot, i tried to open the combofix.txt log, got the error "illegal operation attempted on a registry key that has been marked for deletion". i tried opening a-squared to continue with the process, but got the same error. i tried opening other files, and got the same error. i think this has to do with the uninstallation of norton, and its question: "delete quarantined files", which i clicked yes.

am i screwed? if i reboot will everything be screwed up? or will a reboot "fix" things, so that i can continue with the a-squared process? is my registry screwed? i don't think it should be, if quarantined viruses were selected to be deleted during norton uninstall. (this is my guess why this is happening).

i am posting this from a friend's computer.

any suggestions of what to do at this stage, in which clicking any programs or files (jpgs seemingly excluded) produces the error: "ILLEGAL OPERATION ATTEMPTED ON A REGISTRY KEY THAT HAS BEEN MARKED FOR DELETION." Reboot? or is that risky? cuz the registry will be screwed?

I'd like to continue with your directions; or at a minimum, do something so that i can at least have access to all my critical files, save it to a removable drive, then buy a new computer.

Please advise. thank you for your technical guidance and assistance.

best regards,


Reboot your system. Sometimes that will fix the error you are receiving.

Attach the logs I asked for previously. If you still get the error let me know and we will try to resolve that issue first.


shadowputerdude,

rebooting solved the problem i described in my last post, thanks for your confirmation. requested logs attached. i notice on the iseeyouxp.txt log: "PPTP Haxdoor found!"

doc, what's your next suggested treatment?

please advise.

and i hope you guys are somehow being compensated; your team is providing an invaluable service.

best,


I found on another forum post that the PPTP Haxdoor is likely a false positive detection.

Please confirm.

Doc, am i clear of all malware/infections according to the logs? if so, that's great news; but i am confused as to what happened to the trojan.win32.scar!IK, which initiated this.

it was originally in an exe file which couldn't be deleted. i uploaded the exe to some online service which scans the file for malware/viruses, etc. it received many positives.

so i found a-squared via a google search (praise google!). a-squared scanned my computer, found the offending exe file containing the trojan.win32.scar!IK, and quarantined the exe.

then my posts in this forum began...

looking at the logs, is my pc all clear doc? (it appears that trojan.win32.scar!ik wasn't found; unless i overlooked it in the logs.)

you guys rock! keep up the great service.


The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel; uninstall the following:

Java SE Runtime Environment 6 Update 1

-----------------------------------------------------------

The PPTP Haxdoor entry in ISeeYouXP is a False Positive.

-----------------------------------------------------------

Unless you are having problems from Malware it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u, must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

  • Avenger.exe
  • Avenger.txt
  • Avenger.zip
  • DisableAutoRuns.reg
  • FixMe.reg
  • FixReg.reg
  • ISeeYouXP.exe
  • ISeeYouXP.lnk
  • ISeeYouXP.txt
  • Anything else I had you use

Delete the following: (If they exist)

  • C:\Avenger.txt
  • C:\Avenger
  • C:\ComboFix.txt
  • C:\ComboFix
  • C:\SDFix
  • C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
