Geeks To Go forums
Avast repeatedly catching Win32 Malware-gen and Win32 Zbot

#1 cadmium (New Member, 2 posts)

Happy holidays everyone!

Unfortunately my computer was infected with some malware, and my attempts to remove it have only been partially successful (I've tried Spybot, Avast, Malwarebytes' Anti-Malware, and SUPERAntiSpyware). Now, whenever my computer is connected to the internet, Avast's On-Access scanner detects the same two infections at fairly regular intervals. Here is a snippet of the log file:

2009/12/31 14:48:38 SYSTEM 1936 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\hlld.tmp\svchost.exe" file.
2009/12/31 14:48:45 SYSTEM 1936 Sign of "Win32:Zbot-MML [Trj]" has been found in "C:\WINDOWS\TEMP\yftt.tmp\svchost.exe" file.
2009/12/31 14:53:52 SYSTEM 1936 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\ikba.tmp\svchost.exe" file.
2009/12/31 14:53:59 SYSTEM 1936 Sign of "Win32:Zbot-MML [Trj]" has been found in "C:\WINDOWS\TEMP\qxno.tmp\svchost.exe" file.
2009/12/31 14:59:05 SYSTEM 1936 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\nkfh.tmp\svchost.exe" file.
2009/12/31 14:59:12 SYSTEM 1936 Sign of "Win32:Zbot-MML [Trj]" has been found in "C:\WINDOWS\TEMP\svfc.tmp\svchost.exe" file.

I keep selecting "Move to chest" in Avast to quarantine each infection.

I've followed your guide for preparation to submit a request for help. One problem is my system restore has been disabled and I can't restore it manually. Here are the steps I've followed and the resulting logs:

  • TFC was run to remove temporary files.
  • SysRestorePoint gave an error message saying a restore point couldn't be generated.
  • ERUNT was run to back up the registry.
  • Malwarebytes' Anti-Malware reported "An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team." with the error code "731 (0, 6)" at the same time that it detected the first infected key.

    Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.43
    Database version: 3461
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2009/12/31 13:30:35
    mbam-log-2009-12-31 (13-30-35).txt

    Scan type: Quick Scan
    Objects scanned: 115547
    Time elapsed: 14 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • GMER produces an unhandled exception while initially scanning (just after startup, without any user intervention). After that the computer needs to be rebooted because the system slows down considerably.
  • OTL was run with the following dumped files:

    OTL logfile created on: 2009/12/31 14:29:31 - Run 1
    OTL by OldTimer - Version 3.1.20.1 Folder = C:\security
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 2.24 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRETT-0HK85V6C6
    Current User Name: brett
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/12/31 13:23:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\security\OTL.exe
    PRC - [2009/12/24 21:16:34 | 01,027,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/12/19 08:10:16 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/11/25 08:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/25 08:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 08:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/25 08:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/09/30 18:15:52 | 00,065,024 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2009/07/17 22:32:00 | 03,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/07/14 21:10:53 | 00,808,224 | ---- | M] (ABBYY Software Ltd) -- C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
    PRC - [2008/03/17 14:00:00 | 07,230,736 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe
    PRC - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    PRC - [2008/01/25 12:00:00 | 00,111,912 | ---- | M] (株式会社ジャストシステム) -- C:\Program Files\JustSystems\ATOK21\ATOK21MN.EXE
    PRC - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    PRC - [2007/05/10 10:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2007/02/07 16:29:50 | 00,173,616 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
    PRC - [2006/11/20 23:30:54 | 00,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    PRC - [2005/10/14 19:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/31 13:23:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\security\OTL.exe
    MOD - [2008/01/25 12:00:00 | 05,072,168 | ---- | M] (株式会社ジャストシステム) -- C:\WINDOWS\system32\ATOK21W.IME
    MOD - [2008/01/25 12:00:00 | 00,705,832 | ---- | M] (株式会社ジャストシステム) -- C:\WINDOWS\system32\ATOK21DE.DLL
    MOD - [2008/01/25 12:00:00 | 00,460,072 | ---- | M] (株式会社ジャストシステム) -- C:\WINDOWS\system32\ATOK21AE.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (WAVE Launcher Service)
    SRV - File not found [Auto | Stopped] -- -- (warible)
    SRV - File not found [Auto | Stopped] -- -- (ssswxplosre)
    SRV - File not found [Auto | Stopped] -- -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
    SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)
    SRV - File not found [Auto | Stopped] -- -- (Artificial Dynamics SafeSpace Agent)
    SRV - [2009/11/25 08:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 08:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 08:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/10/21 03:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/09/30 18:15:52 | 00,065,024 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2009/07/17 22:32:00 | 03,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV - [2008/11/25 13:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/11/25 13:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/14 21:10:53 | 00,808,224 | ---- | M] (ABBYY Software Ltd) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.14.0)
    SRV - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - [2007/08/05 13:22:04 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
    SRV - [2007/02/07 16:29:50 | 00,173,616 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
    SRV - [2006/12/02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
    SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
    SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
    SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2005/10/14 19:51:45 | 28,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://nvs.gss.ne.j...Carte/wCInit.do
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "ISearch"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "ISearch"
    FF - prefs.js..browser.startup.homepage: "http://ephemeris.alcuinus.net"
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 2
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
    FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6
    FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
    FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.3.1
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
    FF - prefs.js..extensions.enabledItems: {7067a92c-1db4-4e5e-869c-25f841287f8b}:0.2.3
    FF - prefs.js..extensions.enabledItems: {75739dec-72db-4020-aa9a-6afa6744759b}:0.3.0.20090902
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.08
    FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.5
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
    FF - prefs.js..extensions.enabledItems: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}:2.0.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
    FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
    FF - prefs.js..extensions.enabledItems: {87F33C12-9641-45e5-AAF5-6215F89AF01B}:0.6.2
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
    FF - prefs.js..extensions.enabledItems: [email protected]:0.3.20091214_AMO
    FF - prefs.js..extensions.enabledItems: {c4f1fdfb-49f5-4cb5-a4e5-3b857ca2ef95}:2.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
    FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.3
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.5.0
    FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.56
    FF - prefs.js..keyword.URL: "http://www.isearch.com/?q="
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.ssl_port: 8118

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/29 17:00:00 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/29 17:00:00 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/29 17:00:00 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/29 17:00:00 | 00,000,000 | ---D | M]

    [2008/06/27 08:29:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Extensions
    [2009/12/30 22:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions
    [2009/12/09 13:05:36 | 00,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2009/12/25 11:02:48 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2008/06/28 11:42:47 | 00,000,000 | ---D | M] (mozImage) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{2485990f-d3b0-4e57-bd0f-5abdffa70773}
    [2007/11/01 15:14:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2009/12/02 00:58:22 | 00,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
    [2009/10/25 19:00:05 | 00,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
    [2009/12/28 11:20:59 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    [2009/02/14 12:32:38 | 00,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2009/11/06 23:33:27 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}
    [2009/07/25 17:12:10 | 00,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    [2009/12/20 07:25:31 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/09/12 11:28:58 | 00,000,000 | ---D | M] (Extension Developer) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
    [2009/12/09 13:05:30 | 00,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2008/06/28 11:58:17 | 00,000,000 | ---D | M] (Permit Cookies) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{87F33C12-9641-45e5-AAF5-6215F89AF01B}
    [2007/11/01 15:14:31 | 00,000,000 | ---D | M] (Brauserix) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{8DD78DDF-6BFD-436e-A6BA-18BFFDABA53F}
    [2009/06/25 12:04:38 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    [2009/09/21 11:04:49 | 00,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    [2007/11/01 15:14:31 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
    [2008/07/27 19:21:43 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2009/11/03 00:01:45 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/07/28 10:29:07 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2008/11/20 00:30:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{c4f1fdfb-49f5-4cb5-a4e5-3b857ca2ef95}
    [2008/07/24 12:30:56 | 00,000,000 | ---D | M] (JSView) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
    [2009/12/14 22:44:31 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/10/30 07:19:19 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2009/12/14 22:44:25 | 00,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2009/12/14 22:44:07 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/07/08 10:55:07 | 00,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2008/06/28 11:50:21 | 00,000,000 | ---D | M] (Edit Cookies) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    [2009/06/05 22:59:43 | 00,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    [2008/03/27 14:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\[email protected]
    [2009/11/17 10:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\[email protected]
    [2008/11/02 14:26:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\[email protected]
    [2009/12/17 11:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\[email protected]
    [2007/11/01 15:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\extensions\temp
    [2006/11/25 00:15:30 | 00,001,215 | ---- | M] () -- C:\Documents and Settings\brett\Application Data\Mozilla\Firefox\Profiles\zxkjzl8j.default\searchplugins\isearch.xml
    [2009/12/30 22:30:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/03/10 15:54:03 | 00,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
    [2007/02/04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    [2009/12/14 12:48:56 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2008/09/10 13:49:14 | 05,817,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

    O1 HOSTS File: (371255 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-domains-registrations.com
    O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 12779 more lines...
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Acrobat Speed Launcher.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\IPv6アドレス取得ツール(NTT西日本).lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\SnagIt 7.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Tester activation.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\スタートアップツール for ATOK 2008.lnk = C:\Program Files\JustSystems\ATOK21\ATOK21PC.EXE (株式会社ジャストシステム)
    O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\スタートアップツール.lnk = C:\WINDOWS\Installer\{2C8A6306-401F-4F78-B425-E966B4A6C53D}\_AA780967D620A088EF31CB.exe ()
    O4 - Startup: C:\Documents and Settings\brett\スタート メニュー\プログラム\スタートアップ\PowerReg Scheduler V3.exe (Leader Technologies)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
    O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE File not found
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193840258343 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.24.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop Components:0 (現在のホーム ページ) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/16 17:24:49 | 00,000,025 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/01 06:44:13 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: SSHNAS - File not found

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/12/31 13:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/12/31 10:49:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/12/31 10:48:27 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/12/31 10:48:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\Application Data\SUPERAntiSpyware.com
    [2009/12/30 23:32:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\D-Fend Reloaded
    [2009/12/30 23:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
    [2009/12/30 16:57:21 | 00,000,000 | ---D | C] -- C:\security
    [2009/12/29 14:43:46 | 00,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
    [2009/12/29 12:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\My Documents\Downloads
    [2009/12/28 12:28:44 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2009/12/28 12:28:44 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2009/12/28 12:28:44 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2009/12/28 12:28:43 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
    [2009/12/28 12:28:42 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2009/12/28 12:28:42 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2009/12/28 12:28:42 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2009/12/28 12:28:42 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2009/12/28 12:28:13 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2009/12/28 12:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2009/12/28 12:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/12/28 12:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/12/28 12:23:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/12/28 12:23:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/12/28 11:34:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\Application Data\Malwarebytes
    [2009/12/28 11:34:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/28 11:34:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/12/28 11:34:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/28 11:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/27 18:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\VIR
    [2009/12/24 12:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2009/12/23 16:45:04 | 04,231,680 | ---- | C] (GetFLV) -- C:\WINDOWS\System32\vbsgf.dll
    [2009/12/23 16:45:03 | 00,000,000 | ---D | C] -- C:\Program Files\GetFLV
    [2009/12/23 16:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\Application Data\DonationCoder
    [2009/12/23 16:18:28 | 00,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
    [2009/12/23 16:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\My Documents\My Recordings
    [2009/12/23 16:15:21 | 00,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
    [2009/12/23 16:12:42 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
    [2009/12/23 16:12:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
    [2009/12/23 16:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\URLSnooper2
    [2009/12/23 16:06:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
    [2009/12/23 15:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Wireshark
    [2009/12/21 11:29:42 | 00,000,000 | ---D | C] -- C:\ASK Video
    [2009/12/21 00:29:18 | 01,177,600 | ---- | C] (AD) -- C:\WINDOWS\System32\SYNSOEMU.DLL
    [2009/12/21 00:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
    [2009/12/21 00:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
    [2009/12/21 00:09:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Steinberg
    [2009/12/21 00:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
    [2009/12/20 23:54:28 | 00,000,000 | ---D | C] -- C:\Program Files\Steinberg
    [2009/12/20 23:53:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\Application Data\Steinberg
    [2009/12/20 18:01:47 | 01,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\WINDOWS\System32\bconvert.dll
    [2009/12/19 07:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\brett\My Documents\Native Instruments
    [2009/12/19 07:41:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2009/12/19 07:41:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    [2009/12/19 07:40:19 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
    [2009/12/19 07:39:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
    [2009/12/19 07:36:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
    [2009/12/19 07:36:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    [2009/12/19 07:35:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
    [2009/12/19 07:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\Native Instruments
    [2009/12/18 23:47:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    [2008/12/22 23:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Justsystem
    [2008/12/22 23:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2008/09/20 11:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Justsystem
    [2007/12/25 20:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/11/01 18:48:05 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2007/11/01 18:48:05 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
    [2004/11/25 03:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2019/06/08 11:09:22 | 10,504,384 | ---- | M] () -- C:\Documents and Settings\brett\My Documents\V_200029.WMA
    [2009/12/31 14:08:32 | 00,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/12/31 14:08:28 | 00,027,839 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2009/12/31 14:08:28 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\スタートアップツール.lnk
    [2009/12/31 14:08:06 | 00,161,095 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2009/12/31 14:07:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/31 14:07:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/31 13:32:59 | 15,466,496 | -H-- | M] () -- C:\Documents and Settings\brett\NTUSER.DAT
    [2009/12/31 13:32:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\brett\ntuser.ini
    [2009/12/31 13:11:18 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\NTREGOPT.lnk
    [2009/12/31 13:11:18 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\ERUNT.lnk
    [2009/12/31 12:19:44 | 03,179,004 | -H-- | M] () -- C:\Documents and Settings\brett\Local Settings\Application Data\IconCache.db
    [2009/12/31 01:41:52 | 00,027,839 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2009/12/30 23:33:52 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\D-Fend Reloaded.lnk
    [2009/12/30 21:54:02 | 00,002,411 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\HiJackThis.lnk
    [2009/12/30 17:24:43 | 00,001,678 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/29 22:00:38 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\brett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/29 19:35:04 | 00,001,584 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2009/12/29 18:30:38 | 00,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
    [2009/12/29 16:59:30 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\QuickTime Player.lnk
    [2009/12/29 16:55:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/12/29 14:43:51 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\Your Uninstaller!.lnk
    [2009/12/29 13:37:34 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Amaya.lnk
    [2009/12/28 12:44:54 | 00,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Malwarebytes' Anti-Malware.lnk
    [2009/12/28 12:28:45 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\avast! Antivirus.lnk
    [2009/12/28 12:28:42 | 00,003,058 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/12/28 01:28:05 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
    [2009/12/25 11:00:58 | 00,371,255 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/12/24 12:32:04 | 01,087,726 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/24 12:32:04 | 00,535,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/24 12:32:04 | 00,322,602 | ---- | M] () -- C:\WINDOWS\System32\perfh011.dat
    [2009/12/24 12:32:04 | 00,107,390 | ---- | M] () -- C:\WINDOWS\System32\perfc011.dat
    [2009/12/24 12:32:04 | 00,107,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/24 12:26:33 | 01,621,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/12/24 12:18:36 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/12/24 12:15:45 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2009/12/23 16:45:19 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\GetFLV.lnk
    [2009/12/23 16:20:20 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
    [2009/12/23 16:18:44 | 00,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/12/23 16:18:44 | 00,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
    [2009/12/23 16:18:41 | 00,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
    [2009/12/23 16:11:00 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Replay Media Catcher.lnk
    [2009/12/23 16:11:00 | 00,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Flash Video Player.lnk
    [2009/12/23 16:06:51 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\URLSnooper 2.lnk
    [2009/12/23 15:49:53 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\-1
    [2009/12/23 13:46:47 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Sothink FLV Player.lnk
    [2009/12/23 13:46:44 | 00,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Sothink Web Video Downloader.lnk
    [2009/12/20 23:54:30 | 00,001,704 | ---- | M] () -- C:\Documents and Settings\brett\デスクトップ\Cubase 5.lnk
    [2009/12/19 07:44:52 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\デスクトップ\Guitar Rig 4.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/12/31 13:11:18 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\NTREGOPT.lnk
    [2009/12/31 13:11:18 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\ERUNT.lnk
    [2009/12/30 23:33:52 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\D-Fend Reloaded.lnk
    [2009/12/30 18:24:37 | 00,002,411 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\HiJackThis.lnk
    [2009/12/29 16:59:30 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\QuickTime Player.lnk
    [2009/12/29 14:43:51 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\Your Uninstaller!.lnk
    [2009/12/29 13:37:34 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Amaya.lnk
    [2009/12/28 12:28:45 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\avast! Antivirus.lnk
    [2009/12/28 11:34:29 | 00,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Malwarebytes' Anti-Malware.lnk
    [2009/12/24 12:15:45 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/12/23 16:45:19 | 00,000,606 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\GetFLV.lnk
    [2009/12/23 16:45:04 | 00,641,024 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
    [2009/12/23 16:45:04 | 00,641,024 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
    [2009/12/23 16:20:20 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
    [2009/12/23 16:18:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/12/23 16:11:00 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Replay Media Catcher.lnk
    [2009/12/23 16:11:00 | 00,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Flash Video Player.lnk
    [2009/12/23 16:06:51 | 00,000,655 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\URLSnooper 2.lnk
    [2009/12/23 15:49:52 | 00,000,068 | ---- | C] () -- C:\WINDOWS\System32\-1
    [2009/12/23 13:46:47 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Sothink FLV Player.lnk
    [2009/12/23 13:46:44 | 00,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Sothink Web Video Downloader.lnk
    [2009/12/20 23:54:30 | 00,001,704 | ---- | C] () -- C:\Documents and Settings\brett\デスクトップ\Cubase 5.lnk
    [2009/12/19 07:44:52 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\デスクトップ\Guitar Rig 4.lnk
    [2009/12/03 18:14:17 | 00,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll
    [2009/12/02 18:31:46 | 00,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2009/12/01 11:55:19 | 00,001,584 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2009/10/29 13:04:00 | 00,001,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/10/29 13:04:00 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\2CDE2E6588.sys
    [2009/10/26 11:56:49 | 00,002,031 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
    [2009/10/21 03:19:30 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/10/02 19:40:25 | 00,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
    [2009/09/22 15:29:29 | 00,000,045 | ---- | C] () -- C:\WINDOWS\juman.ini
    [2009/08/09 14:58:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2009/05/16 20:09:40 | 00,000,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
    [2009/05/16 20:09:40 | 00,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2009/04/24 15:23:33 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2009/04/20 15:50:01 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009/03/31 23:47:21 | 00,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2009/03/15 17:29:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\UT_VM.dll
    [2009/02/09 23:57:13 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/12/21 10:59:08 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/12/21 10:59:07 | 00,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/11/25 15:01:44 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\fmd.ini
    [2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/09/19 23:50:15 | 00,000,639 | ---- | C] () -- C:\WINDOWS\tlknw20.ini
    [2008/09/19 12:17:45 | 00,000,618 | ---- | C] () -- C:\WINDOWS\tlknw28.ini
    [2008/09/18 00:38:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2008/09/18 00:38:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2008/09/18 00:38:40 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2008/09/18 00:38:38 | 00,000,173 | ---- | C] () -- C:\WINDOWS\YdpDict.ini
    [2008/08/17 12:43:26 | 00,000,048 | ---- | C] () -- C:\Documents and Settings\brett\Application Data\msdreg.dat
    [2008/08/16 22:42:48 | 00,000,060 | ---- | C] () -- C:\WINDOWS\BlueFace.INI
    [2008/08/16 21:39:18 | 00,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
    [2008/08/14 10:21:20 | 00,000,032 | ---- | C] () -- C:\WINDOWS\ollysnake.ini
    [2008/07/31 00:37:55 | 00,000,049 | ---- | C] () -- C:\WINDOWS\CyrKbd.ini
    [2008/07/13 21:46:42 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2008/06/26 12:53:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
    [2008/05/06 11:47:52 | 00,004,096 | R--- | C] () -- C:\WINDOWS\System32\detoured.dll
    [2008/04/30 11:38:14 | 00,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2008/04/07 14:04:49 | 00,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2008/04/07 14:04:49 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2008/02/10 16:36:27 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2008/02/01 08:04:20 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/12/29 16:49:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2007/12/24 17:12:37 | 00,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/12/18 23:28:53 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/12/13 21:55:47 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/12/13 21:55:47 | 00,440,320 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2007/12/13 21:55:47 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/12/04 15:33:08 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
    [2007/12/02 11:41:57 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2007/12/01 21:15:05 | 00,001,047 | ---- | C] () -- C:\WINDOWS\EDVIEWER.INI
    [2007/11/29 08:54:47 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PS_setup.ini
    [2007/11/25 23:53:18 | 00,000,803 | ---- | C] () -- C:\WINDOWS\SUPERLEX.INI
    [2007/11/25 23:49:41 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/11/23 20:53:44 | 00,003,227 | ---- | C] () -- C:\Documents and Settings\brett\Application Data\glide_wrapper.zbag.ini
    [2007/11/16 19:35:27 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2007/11/08 15:58:30 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\brett\Local Settings\Application Data\fusioncache.dat
    [2007/11/05 21:30:24 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2007/11/05 21:30:24 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2007/11/05 21:30:24 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2007/11/05 21:30:23 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2007/11/05 21:30:23 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2007/11/04 01:20:15 | 00,000,175 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/11/01 23:12:08 | 00,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
    [2007/11/01 23:12:06 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
    [2007/11/01 19:14:09 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2007/11/01 17:37:28 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
    [2007/11/01 16:08:46 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\brett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/01 11:02:44 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/11/01 11:02:44 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/11/01 11:02:44 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/11/01 11:02:44 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/11/01 10:49:57 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/08/07 08:22:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/03/12 21:31:28 | 01,732,608 | ---- | C] () -- C:\WINDOWS\System32\BCGPStyle2007Luna.dll
    [2006/10/24 09:20:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
    [2006/10/24 09:15:50 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\imsise.dll
    [2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2005/06/20 01:45:22 | 00,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll
    [2005/06/20 01:45:18 | 00,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll
    [2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
    [2004/06/11 06:14:07 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll
    [2004/01/12 17:32:52 | 00,249,910 | ---- | C] () -- C:\WINDOWS\System32\VIR_Lib.dll
    [2003/04/03 21:00:00 | 00,229,088 | ---- | C] () -- C:\WINDOWS\System32\lanman.drv
    [2003/04/03 21:00:00 | 00,065,392 | ---- | C] () -- C:\WINDOWS\System32\msimek.sys
    [2003/04/03 21:00:00 | 00,054,700 | ---- | C] () -- C:\WINDOWS\System32\$ias.sys
    [2003/04/03 21:00:00 | 00,044,496 | ---- | C] () -- C:\WINDOWS\System32\msimei.sys
    [2003/04/03 21:00:00 | 00,042,841 | ---- | C] () -- C:\WINDOWS\System32\key02.sys
    [2003/04/03 21:00:00 | 00,042,633 | ---- | C] () -- C:\WINDOWS\System32\keyax.sys
    [2003/04/03 21:00:00 | 00,039,808 | ---- | C] () -- C:\WINDOWS\System32\msime.sys
    [2003/04/03 21:00:00 | 00,027,956 | ---- | C] () -- C:\WINDOWS\System32\appsicon.dll
    [2003/04/03 21:00:00 | 00,020,688 | ---- | C] () -- C:\WINDOWS\System32\$disp.sys
    [2003/04/03 21:00:00 | 00,013,597 | ---- | C] () -- C:\WINDOWS\System32\msimed.sys
    [2003/04/03 21:00:00 | 00,004,701 | ---- | C] () -- C:\WINDOWS\System32\kkcfunc.sys
    [2003/04/03 21:00:00 | 00,004,125 | ---- | C] () -- C:\WINDOWS\System32\$prnescp.sys
    [2003/04/03 21:00:00 | 00,002,990 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
    [2003/04/03 21:00:00 | 00,000,901 | ---- | C] () -- C:\WINDOWS\System32\ntfont.sys
    [2003/04/03 21:00:00 | 00,000,852 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
    [2002/10/07 03:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/10/05 08:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/10/05 08:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/10/05 08:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

    ========== LOP Check ==========

    [2008/02/08 23:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2009/12/01 23:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artificial Dynamics
    [2007/11/01 18:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/11/20 23:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2009/11/17 23:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2009/08/15 21:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2008/06/28 15:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
    [2009/09/29 00:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
    [2009/12/23 16:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
    [2007/11/05 21:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2009/12/19 07:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2009/11/25 13:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/11/04 01:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2009/03/15 18:25:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PRMT
    [2008/02/01 08:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2009/12/21 00:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
    [2009/01/25 13:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2009/12/31 13:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/09/17 23:37:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
    [2007/11/29 08:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/12/21 00:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
    [2009/12/19 07:41:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    [2009/12/19 07:40:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
    [2008/09/17 23:37:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{53DDDDA7-EBF3-4523-BD4F-F0B48B818C1B}
    [2009/09/03 13:00:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{93A26C09-F616-4638-9531-4BEF144B1A69}
    [2009/12/19 07:39:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
    [2009/12/19 07:45:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
    [2009/12/19 07:36:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    [2009/12/19 07:36:54 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
    [2009/12/29 13:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\.anki
    [2007/12/03 00:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\.bsnes
    [2008/02/08 23:03:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\ACD Systems
    [2009/09/28 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Antares
    [2009/03/16 22:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Audacity
    [2007/11/29 23:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Azureus
    [2009/11/21 00:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Babylon
    [2008/03/29 12:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\BitTorrent
    [2009/08/15 19:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\BitTyrant
    [2007/11/05 18:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Cakewalk
    [2008/06/17 12:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Canon
    [2008/07/14 13:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Clue
    [2008/08/14 10:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Datarescue
    [2009/12/23 16:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\DonationCoder
    [2008/02/23 12:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Echo Software
    [2008/07/25 15:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Ectaco
    [2009/12/14 12:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Foxit
    [2009/10/23 22:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Games
    [2008/05/09 11:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\gtk-2.0
    [2007/12/17 13:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\i4
    [2007/11/30 01:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Inspiration Software
    [2008/09/11 22:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Justsystem
    [2009/12/09 13:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Korg
    [2009/11/02 01:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Leadertech
    [2008/06/28 14:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Lionhead Studios
    [2009/04/30 15:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\mplayer
    [2008/08/17 12:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\MSDict
    [2009/10/02 20:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\MusE
    [2009/12/05 21:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Music Recognition
    [2009/12/02 11:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\NetMedia Providers
    [2008/11/23 21:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\OpenOffice.org
    [2009/03/15 18:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\PRMT
    [2009/12/02 11:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Propellerhead Software
    [2007/11/08 16:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Publish Providers
    [2009/05/24 15:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\PyScripter
    [2007/11/18 16:50:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\RadiantSettings
    [2009/12/02 14:26:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\REAPER
    [2009/12/02 11:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Sony
    [2009/12/21 00:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Steinberg
    [2008/12/01 22:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Stellarium
    [2007/11/01 09:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\SystemRequirementsLab
    [2007/11/01 15:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Thunderbird
    [2009/12/24 01:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\TotalRecorder
    [2009/12/29 14:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\URSoft
    [2009/12/30 00:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\uTorrent
    [2009/02/22 15:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\VanDale
    [2007/12/13 12:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\WinMX Music
    [2009/06/06 23:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\Wireshark
    [2009/07/06 15:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\brett\Application Data\xm1

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/14 03:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 03:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 15:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2003/04/03 21:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
    [2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
    [2008/04/14 03:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 03:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 14:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/04 16:55:11 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6013080F0A7551D5B599CDBEB72A0903 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2008/04/14 11:25:50 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BA772C4BE222DEA00BFDF1D63DB428CB -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 11:25:50 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BA772C4BE222DEA00BFDF1D63DB428CB -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2007/02/12 13:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\dell\drivers\R154200\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2004/08/04 16:55:20 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=54104E2AF7A0578E22A3F973CFE9EEEA -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2008/04/14 11:25:55 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=BF2BC608180C67A535BF07F52E5842A5 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 11:25:55 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=BF2BC608180C67A535BF07F52E5842A5 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 16:55:24 | 00,175,104 | ---- | M] (Microsoft Corporation) MD5=394814C58864702C1988044BAB75DC06 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 11:25:59 | 00,176,128 | ---- | M] (Microsoft Corporation) MD5=3EF97982126C0C03C7F055B5BA13360E -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 11:25:59 | 00,176,128 | ---- | M] (Microsoft Corporation) MD5=3EF97982126C0C03C7F055B5BA13360E -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 11:24:19 | 00,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101.dll
    [2008/04/14 11:24:19 | 00,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd106.dll
    [2008/04/14 11:24:19 | 00,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnec.dll
    [2009/02/09 19:52:32 | 00,636,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdll.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\V_200029.WMA:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\Roho.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\Hakurozan.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\Great_Teacher_Onizuka_-_34_[id-tv.blogspot.com].avi:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\dictcapture1.png:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\2007 Tax return slips.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\brett\My Documents\[Soldats] Monster - 04.avi:Roxio EMC Stream
    @Alternate Data Stream - 520 bytes -> C:\Documents and Settings\brett\My Documents\IfIFell.mid:{8AE92B1A-88F3-440a-8E61-32CCE1B60EDB}
    @Alternate Data Stream - 520 bytes -> C:\Documents and Settings\brett\My Documents\AHardDaysNight.mid:{8AE92B1A-88F3-440a-8E61-32CCE1B60EDB}
    @Alternate Data Stream - 346873 bytes -> C:\WINDOWS\Temp:temp
    @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
    @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    < End of report >


    OTL Extras logfile created on: 2009/12/31 14:29:31 - Run 1
    OTL by OldTimer - Version 3.1.20.1 Folder = C:\security
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 2.24 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRETT-0HK85V6C6
    Current User Name: brett
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = NetscapeMarkup] -- C:\PROGRA~1\Netscape\COMMUN~1\Program\netscape.exe File not found
    .ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
    .txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\quickset.exe" = C:\WINDOWS\system32\quickset.exe:*:Enabled:UPnP Firewall -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- File not found
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
    "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
    "C:\Program Files\QQ\Africa2003\QQ.exe" = C:\Program Files\QQ\Africa2003\QQ.exe:*:Enabled:QQ -- File not found
    "C:\Program Files\Tencent\QQ\QQ.exe" = C:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ -- File not found
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\IDA\idag.exe" = C:\Program Files\IDA\idag.exe:*:Enabled:Interactive Disassembler (32-bit) -- (Datarescue sa/nv)
    "C:\Program Files\IDA\idag64.exe" = C:\Program Files\IDA\idag64.exe:*:Enabled:Interactive Disassembler (64-bit) -- (Datarescue sa/nv)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
    "C:\Program Files\Mobile Systems\MSDict\MSDictWin.exe" = C:\Program Files\Mobile Systems\MSDict\MSDictWin.exe:*:Enabled:MSDict Viewer -- (Mobile Systems, Inc.)
    "C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
    "C:\Program Files\BitTyrant\Azureus.exe" = C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
    "C:\Program Files\Vidalia Bundle\Tor\tor.exe" = C:\Program Files\Vidalia Bundle\Tor\tor.exe:*:Enabled:tor -- ()
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
    "C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
    "E:\Program Files\Dragon Age\bin_ship\daorigins.exe" = E:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- File not found
    "E:\Program Files\Dragon Age\DAOriginsLauncher.exe" = E:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- File not found
    "E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- File not found
    "E:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = E:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- File not found
    "E:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = E:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- File not found
    "E:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = E:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- File not found
    "E:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = E:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- File not found
    "E:\Program Files\Dragon Age\tools\DragonAgeToolset.exe" = E:\Program Files\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset -- File not found
    "E:\Program Files\Dragon Age\tools\RPU.exe" = E:\Program Files\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU -- File not found
    "E:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe" = E:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper -- File not found
    "C:\WINDOWS\system32\regsvr32.exe" = C:\WINDOWS\system32\regsvr32.exe:*:Enabled:Microsoft© Register Server -- (Microsoft Corporation)
    "C:\Documents and Settings\brett\Local Settings\Temp\MvNetdhcp.exe" = C:\Documents and Settings\brett\Local Settings\Temp\MvNetdhcp.exe:*:Enabled:28132 -- File not found
    "C:\Documents and Settings\brett\Local Settings\Temp\ntexplore.exe" = C:\Documents and Settings\brett\Local Settings\Temp\ntexplore.exe:*:Enabled:906567 -- File not found
    "C:\Documents and Settings\brett\Local Settings\Temp\a2dspi.exe" = C:\Documents and Settings\brett\Local Settings\Temp\a2dspi.exe:*:Enabled:a2dspi.exe -- File not found
    "C:\Documents and Settings\brett\Local Settings\Temp\halvsc.exe" = C:\Documents and Settings\brett\Local Settings\Temp\halvsc.exe:*:Enabled:77404 -- File not found
    "C:\Documents and Settings\brett\Local Settings\Temp\crssc.exe" = C:\Documents and Settings\brett\Local Settings\Temp\crssc.exe:*:Enabled:crssc.exe -- File not found
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
    "C:\WINDOWS\system32\quickset.exe" = C:\WINDOWS\system32\quickset.exe:*:Enabled:UPnP Firewall -- File not found
    "C:\WINDOWS\TEMP\xlbc.tmp\svchost.exe" = C:\WINDOWS\TEMP\xlbc.tmp\svchost.exe:*:Enabled:353535599 -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{090D0218-BE60-4D89-A1FD-83BFEB0C8E05}" = SlovoEd Deluxe 6.3 English-Russian
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E3C30D6-338B-4930-838B-F026964DA18D}" = Personal Dictionary for EIJIRO II
    "{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{146303B2-EA46-4BFB-8054-FC75A0D0088B}" = VOCALOID Voice DB (Miriam)
    "{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1864B4F0-7777-4A57-9930-C2B307597966}" = MusicLab RealGuitar 2.0
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1CC77244-09F3-443C-9A53-6520CECB0020}" = Exercitia Latina
    "{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
    "{1F45C99D-D5F7-4784-8A5A-DC19DDA2F051}" = Familia Romana
    "{20D9BFA9-E303-48D0-9175-4FB67FF0B835}" = GrammarPro!
    "{218A55DF-0FF0-4BBE-9020-AD2E57B2B9A6}" = NDoc 1.3
    "{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
    "{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
    "{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A1B0AD5-9DD9-4D03-AC41-BE5FDFB762FF}" = Windows Presentation Foundation Language Pack (JPN)
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2C8A6306-401F-4F78-B425-E966B4A6C53D}" = スタートアップツール
    "{2CD6D5FD-4847-489E-9502-CFB6C1455FFC}" = Python nltk-2.0b4
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
    "{34E128CA-F8DC-4D25-898E-58F3DF8F7F2C}_is1" = memoWORDS Russian Free 1.0
    "{350C97B1-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}" = LINGO 11.0
    "{37EF63D9-3E31-45A9-A90F-BDE07CE88095}" = Sibelius Scorch (all browsers)
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A30DFDF-238C-4DE4-B8D8-D764AF468AA5}" = KORG USB-MIDI Driver Tools for Windows
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
    "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
    "{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
    "{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{44F77FBE-828D-4B04-A02B-C70426F65C86}" = VOCALOID Expression DB (Miriam)
    "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
    "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
    "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
    "{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
    "{4B9757A7-810A-4BD8-BCEC-6989FDC09394}" = ATOK 2008
    "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
    "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
    "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51B6E32D-5FE8-4A07-AD54-43B5A383883E}_is1" = V1.2.1
    "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{553E9F67-799C-4C97-B652-FDF219EB8A4B}" = Oxford English-Russian Dictionary
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{55641498-D428-4EE8-9694-5534706C4A62}" = JUSTオンラインアップデート
    "{55CD2575-CD3C-40CC-A492-3BBBDE44D811}" = Visual Prolog 7.2 Personal Edition
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{579BD25E-8A86-44A3-8845-C430F23C373E}" = LanguageNow - Latin
    "{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat 1.0
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5E09FA7C-4B4A-46FB-A554-B7A88E8D7B62}" = Melodyne 3.2
    "{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes Nemesis
    "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{699FBC32-57E8-4258-A311-923FC971B3AA}" = Russian Phonetic YaWert - RusWin.net
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A09FF5F-C19B-445A-98E5-23AD860493C3}" = NextUp.com-NeoSpeech Paul16 Voice
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
    "{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
    "{76AA11B8-F691-46E5-A527-799B7D9EECFF}" = NextUp.com-NeoSpeech Japanese Show16 Voice
    "{7748DBCD-E811-49ec-96E3-1C9F3336E3E3}" = ATOK辞書・辞典の削除
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
    "{79CE4140-DC0C-42C2-BDC5-705CFB9D858B}" = "mora win" type1 plug-in
    "{7BA37596-55EA-4B8C-AA9E-F8B1DF853A26}" = Microsoft .NET Framework 3.0 Japanese Language Pack
    "{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
    "{7E351356-81B3-4339-96FA-04A1F652CF2C}" = Dizionario Oxford-Paravia
    "{82B9A04E-80C3-11D7-875A-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
    "{869A829F-7952-4825-AA1E-7F4E669162A8}" = 百年プリント@コニカミノルタ注文用ソフトウェア
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8BBB3758-6759-4086-835B-1D665DBE979F}" = VOCALOID SKIN (Zero-G MIRIAM)
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1" = Sothink Web Video Downloader
    "{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}" = EasyInfo
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{907A5FE4-2A3B-4BAA-B992-C07F06C32EF9}" = Emulator Images for Windows Mobile 5.0 with MSFP
    "{9129446E-F7AB-4FC5-8FCF-8EC3384F8212}" = Windows Workflow Foundation JA Language Pack
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{977CEF18-AB33-4C8C-8D6A-B05972CA3F6C}" = UltraEdit v14.00a
    "{982F3C5C-6157-11D7-875A-0090CC005647}" = PIF DESIGNER2.1
    "{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}" = VOCALOID Expression DB (Standard)
    "{9BA2156D-EB9A-4B4C-BAD7-2CD3FA4AA26F}" = 筆王2005[SELECT]
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter The Matrix
    "{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
    "{9DBAFB61-EF34-4A5B-9DA2-623FE13E6B1C}" = Lingua Latina Per Se Illustrata
    "{A110A03C-BB6D-48A4-A6D6-D8ECB05E9683}" = Visual Prolog Examples
    "{A1400000-0000-0000-0000-074957833700}" = ABBYY Lingvo x3
    "{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.2
    "{A267A14C-6FDA-41A1-8B22-50A5D1E4444E}" = Mathematica 5
    "{A29CB961-AE05-4CB8-AD3F-7452843732CB}" = Windows Communication Foundation Language Pack - JPN
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
    "{A8B6F571-EA7C-4128-811A-E1CD38334387}" = Microsoft .NET Framework 2.0 Language Pack - JPN
    "{A9301434-CEF4-4BA6-B404-117AB1CC8208}" = EPSON Multi-PrintQuicker
    "{AAE4B36C-7A25-4513-975B-ACE7437572A0}" = Korg Kontrol Editor
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.1.1.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
    "{BF0517BA-240B-471F-824B-3BAA55A12857}" = New Zealand Maori Keyboard
    "{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}" = ACID Pro 7.0
    "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies™ Stunts & Effects
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3986D16-9FF3-4F0E-B198-321E7995C256}" = VoiceText-TTS-NeoSpeech-Japanese-Voice-Misaki
    "{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
    "{C6790A71-65B6-484E-808A-180092CF8747}" = Clue 7.3
    "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CA97B421-06CB-4040-8EC9-6ED02EA87930}" = Microsoft DirectX SDK (November 2007)
    "{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.1
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E207AC33-470A-4DBD-BEE0-8156848144EB}" = Concise Oxford-Paravia Italian Dictionary
    "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EBF842A1-1B1D-4AEC-8CF2-3B168E839999}" = Artificial Dynamics SafeSpace 2.0.41
    "{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
    "{EF3F2EF6-FBF4-4773-8FE6-9422EE3DAF1C}" = Byki
    "{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
    "{EFC8558B-34C1-4981-B90E-A764CEAB297E}" = Dragon BASIC
    "{EFF9D22F-2549-4A83-A7F1-BF6776A499AD}" = @promt Expert 8 English Giant
    "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
    "{F377AA9E-D12C-11D4-A4ED-00C04F25604E}" = API Monitor 1.5
    "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
    "{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.1.1.0
    "{FD391DC6-0714-4DE3-8661-199BD4A4703F}" = KRyLack Password Recovery
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "「MyEPSON」アシスタント" = 「MyEPSON」アシスタント
    "Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.7.1
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
    "Amaya" = Amaya
    "Anki" = Anki
    "Antares Autotune VST_is1" = Antares Autotune VST v5.09
    "AnyDVD" = AnyDVD
    "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
    "APIS32" = APIS32
    "Audacity_is1" = Audacity 1.2.6
    "avast!" = avast! Antivirus
    "Azureus Vuze" = Azureus Vuze
    "Babylon" = Babylon
    "BB_is1" = Band-in-a-Box 2008 Update
    "Bears and Bees" = Bears and Bees 1.0
    "Bink and Smacker" = Bink and Smacker
    "BitLord" = BitLord 1.1
    "BitTyrant" = BitTyrant
    "Blender" = Blender (remove only)
    "Bome's Mouse Keyboard_is1" = Bome's Mouse Keyboard 2.00
    "Byki Express" = Byki Express
    "CDisplay_is1" = CDisplay 1.8
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "comtypes-py2.5" = Python 2.5 comtypes-0.5.1
    "Cyrillic Starter Kit 5.0" = Cyrillic Starter Kit 5.0
    "devkitProUpdater" = devkitProUpdater 1.4.9
    "D-Fend Reloaded" = D-Fend Reloaded 0.9.0 (deinstall)
    "D-Fend v2" = D-Fend v2
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Earope Advanced Ear Training_is1" = Earope Advanced Ear Training v1.65
    "eMule" = eMule
    "EPSON PM-G700 操作ガイド" = EPSON PM-G700 操作ガイド
    "EPSON Printer and Utilities" = EPSONプリンタドライバ・ユーティリティ
    "ERUNT_is1" = ERUNT 1.1j
    "eSpeak_is1" = eSpeak version 1.40.01
    "e-tax 2008" = e-tax 2008
    "Exult" = Exult Version 1.2
    "Exult Studio_is1" = Exult Studio CVS
    "FollowMe" = FollowMe
    "FormatFactory" = FormatFactory 2.10
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "Game Maker 7.0" = Game Maker 7.0
    "GCFScape_is1" = GCFScape 1.6.7
    "GetFLV Pro 8.8.7.2_is1" = GetFLV Pro
    "GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
    "Glpk-4.9_is1" = GnuWin32: Glpk-4.9
    "GNU Prolog_is1" = GNU Prolog version 1.3.1
    "Handbrake" = HandBrake 0.9.3
    "Hide IP Platinum_is1" = Hide IP Platinum 3.43
    "HijackThis" = HijackThis 1.99.1
    "IDA Pro_is1" = IDA Pro Advanced v5.2 with WinCE v5.0 debugger
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
    "Inspiration 8" = Inspiration 8
    "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "InstallShield_{A267A14C-6FDA-41A1-8B22-50A5D1E4444E}" = Mathematica 5
    "InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
    "intelliScore Ensemble" = intelliScore Ensemble
    "Interlex_is1" = Interlex 2.5
    "IORTutorial" = IORTutorial
    "JUMAN_is1" = JUMAN 5.1
    "LHTTSFRF" = L&H TTS3000 Fran軋is
    "LHTTSGED" = L&H TTS3000 Deutsch
    "LHTTSITI" = L&H TTS3000 Italiano
    "LHTTSPTB" = L&H TTS3000 Portugu黌 (Brasil)
    "LHTTSRUR" = L&H TTS3000 Russian
    "LHTTSSPE" = L&H TTS3000 Espal
    "LingvoSoft Talking Dictionary 2008 English<->Russian for Windows" = LingvoSoft Talking Dictionary 2008 English<->Russian for Windows
    "LingvoSoft Talking Dictionary 2008 English<->Swedish for Windows" = LingvoSoft Talking Dictionary 2008 English<->Swedish for Windows
    "LingvoSoft Talking PhraseBook 2007 English<->Swedish for Windows" = LingvoSoft Talking PhraseBook 2007 English<->Swedish for Windows
    "Lua_is1" = Lua 5.1.4.21
    "Macaw_is1" = Macaw 301
    "Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
    "Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Map001" = Map001
    "MeCab_is1" = MeCab 0.98pre3
    "MediaNavigation.APEpson" = アルバムプリント for EPSON
    "MFGS1_1_is1" = Master Flatpick Guitar Volume 1
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - JPN" = Microsoft .NET Framework 2.0 日本語 Language Pack
    "Microsoft .NET Framework 3.0 Japanese Language Pack" = Microsoft .NET Framework 3.0 日本語 Language Pack
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "MiKTeX 2.7" = MiKTeX 2.7
    "MJGSolo_1-4_is1" = Master Jazz Guitar Solos SuperPAK
    "MozBackup_is1" = MozBackup 1.4.7
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
    "Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
    "Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
    "Native Instruments Service Center" = Native Instruments Service Center
    "Native Instruments Session IO Driver" = Native Instruments Session IO Driver
    "Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
    "Nazghul_0.6.0" = Nazghul 0.6.0
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Ogg Codecs" = Ogg Codecs 0.81.15562
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "OpenAL" = OpenAL
    "Oxford dictionary" = Oxford dictionary
    "PDF Image Extraction Wizard 3.1_is1" = PDF Image Extraction Wizard 3.1
    "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
    "PIL-py2.5" = Python 2.5 PIL-1.1.6
    "PowerISO" = PowerISO
    "Privoxy" = Privoxy 3.0.6
    "py2exe-py2.5" = Python 2.5 py2exe-0.6.9
    "pycairo-py2.5" = Python 2.5 pycairo-1.4.12
    "pygobject-py2.5" = Python 2.5 pygobject-2.14.2
    "pygtk-py2.5" = Python 2.5 pygtk-2.12.1
    "pysqlite-py2.5" = Python 2.5 pysqlite-2.5.5
    "pywin32-py2.5" = Python 2.5 pywin32-212
    "QSynth" = QSynth
    "RadLight Ogg Media DirectShow filter" = RadLight Ogg Media DirectShow filter (remove only)
    "RAR Password Cracker" = RAR Password Cracker 4.12
    "RealPlayer 6.0" = RealPlayer
    "REAPER" = REAPER
    "RPG Maker VX RTP_is1" = RPG Maker VX RTP
    "RPG Maker VX_is1" = RPG Maker VX
    "Sandboxie" = Sandboxie 3.40
    "Sanny Builder 3_is1" = Sanny Builder 3.03
    "SBPSolver" = SBPSolver
    "SendKeys-py2.5" = Python 2.5 SendKeys-0.3
    "Sibelius Sounds Essentials" = Sibelius Sounds Essentials
    "Slice" = Slice Audio File Splitter
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "ST6UNST #1" = TranslationStation
    "Steam App 211" = Source SDK
    "Steam App 220" = Half-Life 2
    "Steam App 4000" = Garry's Mod
    "Stellarium_is1" = Stellarium 0.10.0
    "SubtitDS" = DirectShow subtitle filter colleciton (remove only)
    "SubtitleWorkshop" = Subtitle Workshop 2.51
    "SUPER ゥ" = SUPER ゥ Version 2009.bld.36 (June 10, 2009)
    "TallStick TS-AudioToMIDI 3.30" = TallStick TS-AudioToMIDI 3.30 (remove only)
    "Texmaker" = Texmaker
    "TextAloud MP3_is1" = TextAloud
    "Tor" = Tor 0.2.0.34
    "TotalRecorder" = Total Recorder 7.1
    "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
    "Universal Extractor_is1" = Universal Extractor 1.5
    "URLSnooper 2_is1" = URL Snooper v2.26.01
    "uTorrent" = μTorrent
    "Valve Hammer Editor" = Valve Hammer Editor
    "Van Dale Groot woordenboek hedendaags Nederlands" = Van Dale Groot woordenboek hedendaags Nederlands
    "Van Dale Grote woordenboeken Engels" = Van Dale Grote woordenboeken Engels
    "Vidalia" = Vidalia 0.1.15
    "Visual MP3 Splitter & Joiner Update trial to full_is1" = Visual MP3 Splitter & Joiner 6.0
    "Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.0
    "VLC media player" = VLC media player 1.0.3
    "WIC" = Windows Imaging Component
    "WIDI Recognition System Pro 3.32" = WIDI Recognition System Pro 3.32 (remove only)
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "Winspector - Ultimate Windows Spy Utility_is1" = Winspector
    "WinZip" = WinZip
    "Wireshark" = Wireshark 1.2.5
    "WM Recorder 11.0" = WM Recorder 11.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "wxPython2.8-docs-demos_is1" = wxPython Docs and Demos 2.8.8.1
    "wxPython2.8-unicode-py25_is1" = wxPython 2.8.8.1 (unicode) for Python 2.5
    "Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum 4
    "XP Codec Pack" = XP Codec Pack
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "YdpDict100" = YDP Dictionary (English-Polish, Polish-English)
    "YU2010_is1" = Your Uninstaller! 2010
    "広辞苑第五版" = 広辞苑第五版

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = μTorrent
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2009/09/11 23:12:49 | Computer Name = BRETT-0HK85V6C6 | Source = VsJITDebugger | ID = 4096
    Description = An unhandled win32 exception occurred in PDICW32.EXE [2256]. Just-In-Time
    debugging this exception failed with the following error: サーバーの実行に失敗しました Check the
    documentation index for 'Just-in-time debugging, errors' for more information.

    [ System Events ]
    Error - 2009/12/31 0:50:52 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = SQL Server (BWDATOOLSET) サービスは次のエラーのため開始できませんでした: %%3

    Error - 2009/12/31 0:50:52 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = npkcrypt サービスは次のエラーのため開始できませんでした: %%3

    Error - 2009/12/31 0:50:52 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = DNS Whois ip サービスは次のエラーのため開始できませんでした: %%2

    Error - 2009/12/31 0:54:39 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = SASDIFSV サービスは次のエラーのため開始できませんでした: %%183

    Error - 2009/12/31 1:07:33 | Computer Name = BRETT-0HK85V6C6 | Source = Ftdisk | ID = 262189
    Description = システムは、正常にクラッシュ ダンプ ドライバを読み込めませんでした。

    Error - 2009/12/31 1:07:33 | Computer Name = BRETT-0HK85V6C6 | Source = Ftdisk | ID = 262193
    Description = クラッシュ ダンプのページング ファイルの構成に失敗しました。ブート パーティションに ページング ファイルがあり、ページング ファイルの大きさがすべての物理メモリを含むのに十分であることを確認
    してください。

    Error - 2009/12/31 1:07:59 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = Artificial Dynamics WAVE Launcher Service サービスは次のエラーのため開始できませんでした:
    %%3

    Error - 2009/12/31 1:07:59 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = SQL Server (BWDATOOLSET) サービスは次のエラーのため開始できませんでした: %%3

    Error - 2009/12/31 1:07:59 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = npkcrypt サービスは次のエラーのため開始できませんでした: %%3

    Error - 2009/12/31 1:07:59 | Computer Name = BRETT-0HK85V6C6 | Source = Service Control Manager | ID = 7000
    Description = DNS Whois ip サービスは次のエラーのため開始できませんでした: %%2


    < End of report >

My computer is running the Japanese version of Windows XP. If you need a translation of any Japanese messages in the log files above, just let me know.

Thanks very much for your assistance. I'll be interested in knowing how this malware can be dealt with.

Brett


#2
cadmium

    New Member

  • Topic Starter
  • Member
  • 2 posts
After giving it some consideration, I've decided to migrate my system to Linux, so I won't be needing help cleaning my system.

I did some further investigation of my system and, by using Wireshark to packet-sniff my system, I discovered that the malware/rootkit connects to 91.212.226.180 and attempts to download New.exe and loader.exe. However, now I find that these requests fail (file not found) and it attempts to download deep.exe.

Searching on the web for 91.212.226.180 shows that it's in Russia and is commonly associated with the Rustock or Boaxxe trojans, but I couldn't find any tell-tale signs of them on my system (e.g. for Rustock there should be a pe386 service running, but I couldn't find it in the Windows Recovery Console). My system did have some dodgy services running, such as qybbrfom, ssswxplosre, yysopvjk, wnvybpaw and procmon, which I disabled, but that didn't stop the main infection.

In addition, the rootkit/malware was stopping me from running RootRepeal and Malwarebytes' Anti-Malware. Trying to run RootRepeal just showed the initial grey startup window and it would hang there, and Task Manager showed an interesting fluctuation in the memory consumption of nearly every process for a while; then it would settle down. Trying to start MBAM would just give an error message.

Anyway, hopefully this information will be of some benefit to you in your future malware hunting. Good luck and thank you! :)
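The poster's Wireshark observation (repeated GET requests for New.exe, loader.exe and deep.exe from a host addressed only by IP) turned into a repeatable triage check, as an added example that is not code from the original thread. It assumes HTTP request records exported as tab-separated fields in the order shown in the comment (the kind of export `tshark -T fields` can produce); the sample records are constructed, using the address and file names from the post plus documentation-range IPs, and the function names are my own.

```python
"""Flag HTTP requests that look like a dropper fetching further stages."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, shaped like `tshark -T fields -e frame.time_relative
# -e ip.src -e ip.dst -e http.host -e http.request.method -e http.request.uri`.
# 91.212.226.180 and the .exe names are those reported in the thread; the
# other addresses come from documentation ranges and are not real hosts.
SAMPLE_REQUESTS = """\
0.000\t192.0.2.10\t91.212.226.180\t91.212.226.180\tGET\t/New.exe
0.412\t192.0.2.10\t91.212.226.180\t91.212.226.180\tGET\t/loader.exe
8.930\t192.0.2.10\t91.212.226.180\t91.212.226.180\tGET\t/deep.exe
12.10\t192.0.2.10\t198.51.100.7\twww.example.com\tGET\t/index.html
15.55\t192.0.2.10\t198.51.100.7\tdl.example.com\tGET\t/update/setup.exe?v=2
"""

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif")


def parse_requests(text):
    """Parse tab-separated request records into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue
        t, src, dst, host, method, uri = fields
        records.append({"time": float(t), "src": src, "dst": dst,
                        "host": host, "method": method, "uri": uri})
    return records


def is_raw_ip(host):
    """True when the Host header is a bare IP address, i.e. no DNS name was used."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def requested_file(uri):
    """Last path component of the request URI, with any query string dropped."""
    return urlsplit(uri).path.rsplit("/", 1)[-1]


def flags_for(record):
    """Reasons a single request deserves a second look (empty list if none)."""
    reasons = []
    name = requested_file(record["uri"]).lower()
    if record["method"] == "GET" and name.endswith(EXECUTABLE_SUFFIXES):
        reasons.append("executable-download")
    if is_raw_ip(record["host"]):
        reasons.append("raw-ip-host")
    return reasons


def triage(text):
    """Group flagged requests by destination so a stage-fetching loop stands out."""
    summary = {}  # dst ip -> {"count", "files", "flags"}; insertion order kept
    for rec in parse_requests(text):
        reasons = flags_for(rec)
        if not reasons:
            continue
        entry = summary.setdefault(rec["dst"], {"count": 0, "files": [], "flags": set()})
        entry["count"] += 1
        name = requested_file(rec["uri"])
        if name and name not in entry["files"]:
            entry["files"].append(name)
        entry["flags"].update(reasons)
    return summary


if __name__ == "__main__":
    for dst, info in triage(SAMPLE_REQUESTS).items():
        print(dst, info["count"], sorted(info["flags"]), info["files"])
```

A destination that collects both flags across several requests, as 91.212.226.180 does in the sample, is the pattern worth blocking at the perimeter and checking other hosts for.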