Thank you for your reply!
I couldn't scan using Rooter.exe with Microsoft Security Essentials' real-time protection disabled. When I press the scan button it gives me a Windows error: "Malware Finder has stopped working".
It successfully scanned after I enabled MSE though.
Rooter log
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.6.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:197 Go - Free:49 Go )
D:\ [Fixed-NTFS] .. ( Total:100 Go - Free:30 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
.
Scan : 15:19.01
Path : C:\Users\Tom\Desktop\Rooter.exe
User : Tom ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???"?????? (308)
______ ???"?????? (488)
______ ???"?????? (552)
______ ???"?????? (572)
______ ???"?????? (616)
______ ???"?????? (652)
______ ???"?????? (664)
______ ???"?????? (672)
______ ???"?????? (796)
______ ???"?????? (872)
______ ???"?????? (932)
______ ???"?????? (324)
______ ???"?????? (480)
______ ???"?????? (744)
______ ???"?????? (492)
______ ???"?????? (1084)
______ ???"?????? (1116)
______ ???"?????? (1232)
______ ???"?????? (1308)
______ ???"?????? (1360)
______ ???"?????? (1672)
______ ???"?????? (1708)
______ ???"?????? (1796)
______ ???"?????? (1904)
______ ???"?????? (1280)
______ C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (344)
______ ???"?????? (1216)
______ C:\Program Files (x86)\gdipp\gdipp_svc_32.exe (1872)
______ ???"?????? (1880)
______ C:\Windows\SysWOW64\DllHost.exe (2172)
______ C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (2236)
______ ???"?????? (2464)
______ ???"?????? (2672)
______ ???"?????? (2844)
______ ???"?????? (2872)
______ ???"?????? (464)
______ ???"?????? (3132)
______ ???"?????? (3176)
______ ???"?????? (3408)
______ ???"?????? (3436)
______ ???"?????? (3476)
______ ???"?????? (3496)
______ ???"?????? (3888)
______ ???"?????? (3916)
______ ???"?????? (3980)
______ ???"?????? (4040)
______ ???"?????? (3652)
______ ???"?????? (3452)
______ ???"?????? (2564)
______ ???"?????? (768)
______ C:\Users\Tom\xwd202\XWD.exe (2820)
______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4488)
______ C:\Users\Tom\Desktop\Rooter.exe (108)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:212277919744)
\Device\Harddisk0\Partition3 (Start_Offset:212383825920 | Length:107687706624)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3513507862-3738819510-2213337168-1001Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3513507862-3738819510-2213337168-1001UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:19.29
.
C:\Rooter$\Rooter_1.txt - (14/08/2010 | 15:19.29)
OTL.Txt
OTL logfile created on: 8/14/2010 03:00:38 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 197.70 Gb Total Space | 49.25 Gb Free Space | 24.91% Space Free | Partition Type: NTFS
Drive D: | 100.29 Gb Total Space | 30.62 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/08/14 14:59:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2010/06/16 14:18:58 | 000,109,056 | ---- | M] (gdipp Project) -- C:\Program Files (x86)\gdipp\gdipp_svc_32.exe
PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
========== Modules (SafeList) ==========
MOD - [2010/08/14 14:59:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
MOD - [2010/06/16 14:18:52 | 000,662,528 | ---- | M] (gdipp Project) -- C:\Program Files (x86)\gdipp\gdimm_32.dll
MOD - [2010/06/16 14:18:36 | 000,295,936 | ---- | M] (gdipp Project) -- C:\Program Files (x86)\gdipp\gdipp_common_32.dll
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/04/26 01:09:32 | 000,098,304 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
MOD - [2009/07/13 20:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009/07/13 20:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2009/07/13 20:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009/07/13 20:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2010/06/27 01:31:30 | 000,346,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/06/27 01:31:30 | 000,012,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/01 19:00:54 | 002,348,600 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/09/03 17:15:38 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/09/01 11:15:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/05 17:06:34 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/29 18:09:32 | 000,017,920 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/06/16 14:19:54 | 000,121,856 | ---- | M] (gdipp Project) [Auto | Running] -- C:\Program Files (x86)\gdipp\gdipp_svc_64.exe -- (gdipp_svc_64) gdipp Service (64 bit)
SRV - [2010/06/16 14:18:58 | 000,109,056 | ---- | M] (gdipp Project) [Auto | Running] -- C:\Program Files (x86)\gdipp\gdipp_svc_32.exe -- (gdipp_svc_32) gdipp Service (32 bit)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/11/27 17:58:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 12:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2010/07/20 17:39:18 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010/06/29 23:56:42 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/11 19:58:32 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/07 20:28:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/09/09 11:04:46 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/09/01 11:15:16 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/05 17:06:34 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/08/05 17:06:32 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/08/05 17:06:32 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/08/05 17:06:32 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/08/05 17:06:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/24 10:54:32 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/22 16:16:48 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/22 16:15:20 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:19:54 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007/08/03 06:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV - [2010/06/10 05:03:28 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/08/27 00:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CB F3 B7 A4 2F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.minwidth: 125
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.6.20100801
FF - prefs.js..extensions.enabledItems: apptabs@frankyan.com:0.6.2
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: {E6463D12-450D-45eb-9D47-804AEB0A9561}:2.2.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {210249CE-F888-11DD-B868-4CB456D89593}:2.1.5
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: savefileto@mozdev.org:2.0.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.6
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.6.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6b4
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.69.1
FF - prefs.js..extensions.enabledItems: realurl@rod.whiteley:0.52
FF - prefs.js..extensions.enabledItems: {70171e70-9057-11da-9562-00e08161165f}:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: bug447571@alice0775:1.5
FF - prefs.js..extensions.enabledItems: findtocenter@alice0775:0.2010070901
FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.3
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.6.10021200
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.1
FF - prefs.js..extensions.enabledItems: macfox_nostalgia@smartbright:1.04.03
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 21:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 21:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/24 18:46:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010/06/01 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2010/06/01 15:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/07 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/08/14 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions
[2010/07/08 22:03:22 | 000,000,000 | ---D | M] (URL Fixer) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2010/08/13 12:04:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/25 22:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{113c2360-15a3-11de-8c30-0800200c9a66}
[2010/02/11 19:26:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/07/06 19:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{1fbe1e70-502c-11de-8a39-0800200c9a66}
[2010/07/05 00:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2009/11/07 14:27:15 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2009/11/19 16:18:26 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/11/07 14:27:14 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/07/27 13:14:55 | 000,000,000 | ---D | M] (Tab Control) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
[2009/11/07 14:27:15 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/08/09 23:21:55 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/07/04 23:58:12 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/08/12 00:57:08 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/06/24 02:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{70171e70-9057-11da-9562-00e08161165f}
[2009/12/09 21:46:39 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/07/06 19:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{bb230b90-cfd6-11dd-ad8b-0800200c9a66}
[2010/01/01 00:45:59 | 000,000,000 | ---D | M] (StrataStripe) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
[2010/07/31 16:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/07/10 12:43:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/31 16:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/07/13 23:14:29 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/28 18:08:24 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/04/08 22:30:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/13 08:27:18 | 000,000,000 | ---D | M] (Find Toolbar Tweaks) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{E6463D12-450D-45eb-9D47-804AEB0A9561}
[2009/11/07 14:27:13 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/07/17 18:04:49 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/08/07 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\abhere2@moztw.org
[2010/01/05 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\apptabs@frankyan.com
[2010/05/20 14:36:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\bettergmail2@ginatrapani.org
[2010/07/06 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\bug447571@alice0775
[2010/03/29 18:11:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\CompactMenuCE@Merci.chao
[2010/07/11 14:51:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\findtocenter@alice0775
[2010/07/31 19:31:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\firegestures@xuldev.org
[2010/07/07 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\Foxdie@tanjihay.com
[2010/07/07 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010/04/06 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\isreaditlater@ideashower.com
[2010/07/27 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\macfox_nostalgia@smartbright
[2010/06/15 22:08:52 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\realurl@rod.whiteley
[2010/05/30 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\savefileto@mozdev.org
[2010/08/13 12:04:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\staged-xpis
[2010/04/19 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\Strata40@SpewBoy.au
[2010/04/18 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\StrataBuddy@ReduxTeam
[2010/07/13 14:08:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\support@lastpass.com
[2010/07/01 16:45:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\tineye@ideeinc.com
[2010/04/19 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2010/08/12 18:38:39 | 000,002,726 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\demonoid---by-seeders.xml
[2010/01/25 03:31:05 | 000,002,102 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\digitalhive.xml
[2010/08/09 18:59:23 | 000,002,492 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\flixster.xml
[2010/08/12 18:38:39 | 000,001,811 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\h33t.xml
[2009/08/26 01:47:34 | 000,001,512 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\imdb.xml
[2009/09/03 19:21:08 | 000,002,305 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\lastfm.xml
[2010/08/12 18:38:39 | 000,002,307 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\rotten-tomatoes.xml
[2010/08/14 00:34:08 | 000,001,400 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\ultimate-guitar---tabs.xml
[2009/08/14 01:34:08 | 000,002,013 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\urban-dictionary.xml
[2009/12/13 22:35:44 | 000,001,987 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\wolframalpha.xml
[2009/08/26 01:47:18 | 000,004,153 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9yj7c25j.default\searchplugins\youtube.xml
[2010/08/14 00:14:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/06 13:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/07/14 18:51:53 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activation.guitar-pro.com
O2 - BHO: (Microsoft Antimalware Script Scanner) - {97055CD1-F6C4-40F8-AF50-932F1890E7F5} - c:\Program Files (x86)\Microsoft Security Client\Antimalware\MpBHO.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk = C:\Users\Tom\xwd202\XWD.exe (Lichonos Vladimir)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/14 14:59:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010/08/14 14:53:32 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Tom\Desktop\Rooter.exe
[2010/08/14 14:52:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/14 14:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/14 14:51:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Tom\Desktop\erunt-setup.exe
[2010/08/14 02:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plasma Pong
[2010/08/12 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Apps
[2010/08/11 16:29:27 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 16:29:25 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/11 16:29:25 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/11 16:29:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 16:29:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 16:29:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 16:29:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 16:29:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 16:29:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 16:29:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 16:29:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 16:29:05 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/10 15:26:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\eqs
[2010/08/07 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\ATI
[2010/08/07 15:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/08/07 15:32:37 | 000,000,000 | R--D | C] -- C:\Users\Tom\Searches
[2010/08/07 14:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/08/07 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/06 21:28:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2010/08/06 21:28:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/06 21:28:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/06 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/06 21:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/06 21:24:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/06 21:18:48 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tom\Desktop\TDSSKiller.exe
[2010/08/06 13:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/06 13:09:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/06 13:09:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/06 13:09:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/03 18:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/07/31 21:27:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\The KMPlayer
[2010/07/31 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/07/31 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\.smplayer
[2010/07/31 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreCodec
[2010/07/31 12:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prey
[2010/07/30 13:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/07/30 13:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/07/30 13:29:37 | 000,000,000 | ---D | C] -- C:\ATI
[2010/07/29 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\StarCraft II
[2010/07/27 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\ConvertXToDVD
[2010/07/27 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Vso
[2010/07/27 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\TCB Networks
[2010/07/20 17:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2010/07/20 17:48:25 | 000,000,000 | ---D | C] -- C:\Windows\TempA12C6131-1AFF-4A18-79B0-5DBA405C42DB-Signatures
[2010/07/20 17:48:00 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2010/07/20 17:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010/07/20 17:39:18 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/08/14 15:00:44 | 003,932,160 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010/08/14 15:00:18 | 000,869,051 | ---- | M] () -- C:\Users\Tom\Desktop\SecurityCheck.exe
[2010/08/14 14:59:58 | 000,743,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/14 14:59:58 | 000,635,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/14 14:59:58 | 000,111,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/14 14:59:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010/08/14 14:55:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 14:55:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 14:55:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/14 14:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/14 14:53:33 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Tom\Desktop\Rooter.exe
[2010/08/14 14:51:58 | 000,000,894 | ---- | M] () -- C:\Users\Tom\Desktop\NTREGOPT.lnk
[2010/08/14 14:51:58 | 000,000,875 | ---- | M] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2010/08/14 14:51:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Tom\Desktop\erunt-setup.exe
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/14 14:48:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 14:47:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 14:47:53 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 01:36:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3513507862-3738819510-2213337168-1001UA.job
[2010/08/14 00:36:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3513507862-3738819510-2213337168-1001Core.job
[2010/08/13 00:10:50 | 003,590,026 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2010/08/12 12:59:06 | 000,000,062 | ---- | M] () -- C:\Windows\settings.ini
[2010/08/12 12:19:43 | 000,422,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/08 23:54:28 | 000,000,920 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk
[2010/08/08 12:57:22 | 000,001,023 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/06 22:43:48 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2010/08/06 22:43:48 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2010/08/06 21:58:01 | 000,525,824 | ---- | M] () -- C:\Users\Tom\Desktop\dds.scr
[2010/08/06 21:51:00 | 000,000,020 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2010/08/06 21:50:19 | 000,050,477 | ---- | M] () -- C:\Users\Tom\Desktop\Defogger.exe
[2010/08/04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tom\Desktop\TDSSKiller.exe
[2010/08/03 19:02:14 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/31 16:52:47 | 000,014,336 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 01:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/27 22:35:48 | 000,001,173 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\vso_ts_preview.xml
[2010/07/20 17:48:43 | 000,757,008 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/20 17:39:18 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/15 19:34:01 | 000,214,592 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/14 15:00:17 | 000,869,051 | ---- | C] () -- C:\Users\Tom\Desktop\SecurityCheck.exe
[2010/08/14 14:51:58 | 000,000,894 | ---- | C] () -- C:\Users\Tom\Desktop\NTREGOPT.lnk
[2010/08/14 14:51:58 | 000,000,875 | ---- | C] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2010/08/08 12:57:22 | 000,001,023 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/07 15:42:22 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/08/07 15:33:15 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/08/06 22:04:20 | 000,293,376 | ---- | C] () -- C:\Users\Tom\Desktop\gmer.exe
[2010/08/06 21:58:17 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/08/06 21:57:38 | 000,525,824 | ---- | C] () -- C:\Users\Tom\Desktop\dds.scr
[2010/08/06 21:50:59 | 000,000,020 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2010/08/06 21:49:34 | 000,050,477 | ---- | C] () -- C:\Users\Tom\Desktop\Defogger.exe
[2010/08/03 22:09:55 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/08/03 21:38:58 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/08/03 18:51:43 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/27 21:45:17 | 000,001,173 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\vso_ts_preview.xml
[2010/06/21 19:17:22 | 000,000,062 | ---- | C] () -- C:\Windows\settings.ini
[2010/04/26 01:09:32 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2010/04/25 14:41:08 | 000,757,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
========== LOP Check ==========
[2010/06/30 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\CD Art Display
[2009/11/07 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2010/08/14 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Dropbox
[2010/06/03 00:14:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GARMIN
[2010/05/17 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ImgBurn
[2010/01/21 00:19:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\IrfanView
[2010/06/21 22:42:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mp3tag
[2010/08/10 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\MusicBee
[2010/07/01 17:13:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Rainmeter
[2009/11/30 01:20:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Razer
[2010/03/04 04:12:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\rockbox.org
[2010/07/27 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TCB Networks
[2010/06/01 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Thunderbird
[2010/07/23 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TrueCrypt
[2010/08/12 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2010/07/27 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Vso
[2010/08/14 14:55:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\XWindows Dock
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/08/14 14:48:08 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/06/28 13:39:12 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Extras.Txt
OTL Extras logfile created on: 8/14/2010 03:00:38 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 197.70 Gb Total Space | 49.25 Gb Free Space | 24.91% Space Free | Partition Type: NTFS
Drive D: | 100.29 Gb Total Space | 30.62 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E6FB0F-C681-4FE6-B230-ABDD9337FCA0}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{48A49473-FD82-491D-B681-B8446A7D4B25}" = PDF-XChange Viewer
"{4AB37210-D5CC-4784-92BC-A3DA41629376}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{71596D05-3463-439F-A0D4-4D04768A5E87}" = gdipp
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F8597D20-ACC7-FD03-56FA-23894108BA06}" = ATI Catalyst Install Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"QuickSFV" = QuickSFV (Remove only)
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{002DD827-7FAC-A09F-7382-BCF61E6744C8}" = CCC Help Portuguese
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C255F02-22AF-F50B-E945-B8D763E1A077}" = CCC Help Greek
"{0C5F09B4-5C7A-6F41-89F4-65B419A639B9}" = CCC Help Chinese Standard
"{0CA267D3-3CBC-4852-910C-5995698F4914}" = MusicBee
"{1730D13B-7517-4321-A88B-64627CF67CDC}_is1" = Logon Screen 2.20
"{180641E1-F6C2-6053-1022-78B9C49D173D}" = CCC Help Finnish
"{18A2FD82-910A-0208-3AE1-169E92F2AFA4}" = CCC Help Dutch
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21
"{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English
"{2A07F8DD-96E5-8A5D-3C6A-D60F38D1F34B}" = CCC Help Turkish
"{2D397BD2-ED49-F9B9-4F65-D60D00AD6C5F}" = CCC Help Norwegian
"{30C4566A-85AC-1713-71B2-3BE50C7146F8}" = CCC Help Thai
"{3380D2BE-EAE4-034C-1096-3CA28F82A2F9}" = CCC Help French
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{4067974F-F2E5-5893-E7A3-10C345089305}" = CCC Help Polish
"{4177BBB8-D654-4364-A898-BA00A68D7897}" = CCC Help Swedish
"{41CD70E9-E193-8358-A837-A3A900565840}" = CCC Help Russian
"{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All
"{473937BF-F1ED-764D-01A8-12A672DED3E0}" = CCC Help Spanish
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista
"{8EE4C584-C82E-9BE3-41C1-BC2A53774DE6}" = CCC Help Korean
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{940C416E-1BE6-58C0-949E-1A588349B0C7}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7D833B7-915D-C859-D7A6-3639423E878C}" = CCC Help Danish
"{B9F76257-02B5-EB70-2A72-6D56C9359985}" = CCC Help Italian
"{BB778F28-FD55-C8FD-8E0B-482814C05D6B}" = CCC Help Chinese Traditional
"{BF076135-7D69-3255-D72B-487E67146727}" = CCC Help Japanese
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E5A5844F-80CB-665D-0AF9-9D712F4E6238}" = CCC Help German
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder Mouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F958FF6B-B2B8-03F6-B56D-7D5E04768AA8}" = CCC Help Czech
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CD Art Display_is1" = CD Art Display 3.0.1212 Beta
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Digsby" = Digsby
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"Mp3tag" = Mp3tag v2.46a
"Picasa 3" = Picasa 3
"Plasma Pong_is1" = Plasma Pong v1.2
"Rainmeter" = Rainmeter (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.89
"Samsung ML-2525W Series" = Maintenance Samsung ML-2525W Series
"StarCraft II" = StarCraft II
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"Warcraft III" = Warcraft III
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"cd436d2f0be5b427" = GVNotifier
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
checkup.txt
Results of screen317's Security Check version 0.99.5
Windows 7
(UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 21
Adobe Flash Player 10.1.53.64
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.1.)
Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````