ohgodhelp

Members
  • Content Count

    16
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ohgodhelp

  • Rank
    Member
  1. No problems here, everything cleaned up successfully, thanks again for your help. You've done me a wonderful service.
  2. [code][email protected] as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=7.00.6000.16827 (vista_gdr.090226-1506) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-03-20 08:53:05 # local_time=2010-03-20 04:53:05 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.2.3790 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 1546782 1546782 0 0 # compatibility_mode=1797 16775125 100 100 0 44557544 0 0 # compatibility_mode=3073 16777213 80 100 31438737 34949283 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=301916 # found=3 # cleaned=3 # scan_time=15279 C:\Documents and Settings\Administrator\My Documents\Downloads\KingsSmithSetup.exe a variant of Win32/FenomenGame application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP451\A0080198.dll a variant of Win32/Kryptik.CRP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTM\MovedFiles3022010_091503\C_WINDOWS\ibatibuxerugug.dll a variant of Win32/Cimag.BX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C[/code]
  3. [code]Avira AntiVir Personal Report file date&#58; Friday, March 19, 2010 05&#58;00 Scanning for 1876413 virus strains and unwanted programs. Licensee &#58; Avira AntiVir Personal - FREE Antivirus Serial number &#58; 0000149996-ADJIE-0000001 Platform &#58; Windows XP 64 Bit Windows version &#58; &#40;Service Pack 1&#41; &#91;5.2.3790&#93; Boot mode &#58; Normally booted Username &#58; SYSTEM Computer name &#58; THE-BL7D5N9D5A8 Version information&#58; BUILD.DAT &#58; 9.0.0.419 21701 Bytes 1/22/2010 18&#58;29&#58;00 AVSCAN.EXE &#58; 9.0.3.10 466689 Bytes 11/20/2009 09&#58;28&#58;21 AVSCAN.DLL &#58; 9.0.3.0 40705 Bytes 2/27/2009 15&#58;58&#58;24 LUKE.DLL &#58; 9.0.3.2 209665 Bytes 2/20/2009 16&#58;35&#58;49 LUKERES.DLL &#58; 9.0.2.0 12033 Bytes 2/27/2009 15&#58;58&#58;52 VBASE000.VDF &#58; 7.10.0.0 19875328 Bytes 11/6/2009 09&#58;28&#58;20 VBASE001.VDF &#58; 7.10.1.0 1372672 Bytes 11/19/2009 09&#58;28&#58;21 VBASE002.VDF &#58; 7.10.3.1 3143680 Bytes 1/20/2010 10&#58;02&#58;51 VBASE003.VDF &#58; 7.10.3.75 996864 Bytes 1/26/2010 09&#58;28&#58;25 VBASE004.VDF &#58; 7.10.4.203 1579008 Bytes 3/5/2010 09&#58;28&#58;56 VBASE005.VDF &#58; 7.10.4.204 2048 Bytes 3/5/2010 09&#58;28&#58;56 VBASE006.VDF &#58; 7.10.4.205 2048 Bytes 3/5/2010 09&#58;28&#58;56 VBASE007.VDF &#58; 7.10.4.206 2048 Bytes 3/5/2010 09&#58;28&#58;56 VBASE008.VDF &#58; 7.10.4.207 2048 Bytes 3/5/2010 09&#58;28&#58;56 VBASE009.VDF &#58; 7.10.4.208 2048 Bytes 3/5/2010 09&#58;28&#58;57 VBASE010.VDF &#58; 7.10.4.209 2048 Bytes 3/5/2010 09&#58;28&#58;57 VBASE011.VDF &#58; 7.10.4.210 2048 Bytes 3/5/2010 09&#58;28&#58;57 VBASE012.VDF &#58; 7.10.4.211 2048 Bytes 3/5/2010 09&#58;28&#58;57 VBASE013.VDF &#58; 7.10.4.242 153088 Bytes 3/8/2010 09&#58;27&#58;42 VBASE014.VDF &#58; 7.10.5.17 99328 Bytes 3/10/2010 09&#58;27&#58;42 VBASE015.VDF &#58; 7.10.5.44 107008 Bytes 3/11/2010 09&#58;27&#58;41 VBASE016.VDF &#58; 7.10.5.69 92672 Bytes 3/12/2010 08&#58;27&#58;43 VBASE017.VDF &#58; 7.10.5.91 119808 Bytes 3/15/2010 08&#58;27&#58;39 VBASE018.VDF &#58; 7.10.5.121 112640 Bytes 3/18/2010 08&#58;28&#58;09 VBASE019.VDF &#58; 7.10.5.122 2048 Bytes 3/18/2010 08&#58;28&#58;09 VBASE020.VDF &#58; 7.10.5.123 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE021.VDF &#58; 7.10.5.124 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE022.VDF &#58; 7.10.5.125 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE023.VDF &#58; 7.10.5.126 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE024.VDF &#58; 7.10.5.127 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE025.VDF &#58; 7.10.5.128 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE026.VDF &#58; 7.10.5.129 2048 Bytes 3/18/2010 08&#58;28&#58;10 VBASE027.VDF &#58; 7.10.5.130 2048 Bytes 3/18/2010 08&#58;28&#58;11 VBASE028.VDF &#58; 7.10.5.131 2048 Bytes 3/18/2010 08&#58;28&#58;11 VBASE029.VDF &#58; 7.10.5.132 2048 Bytes 3/18/2010 08&#58;28&#58;11 VBASE030.VDF &#58; 7.10.5.133 2048 Bytes 3/18/2010 08&#58;28&#58;11 VBASE031.VDF &#58; 7.10.5.136 153600 Bytes 3/18/2010 08&#58;28&#58;12 Engineversion &#58; 8.2.1.194 AEVDF.DLL &#58; 8.1.1.3 106868 Bytes 1/23/2010 09&#58;27&#58;46 AESCRIPT.DLL &#58; 8.1.3.18 1024378 Bytes 3/18/2010 08&#58;31&#58;09 AESCN.DLL &#58; 8.1.5.0 127347 Bytes 2/26/2010 00&#58;38&#58;52 AESBX.DLL &#58; 8.1.2.1 254323 Bytes 3/18/2010 08&#58;31&#58;12 AERDL.DLL &#58; 8.1.4.3 541043 Bytes 3/18/2010 08&#58;30&#58;58 AEPACK.DLL &#58; 8.2.1.0 426356 Bytes 3/3/2010 09&#58;27&#58;42 AEOFFICE.DLL &#58; 8.1.0.41 201083 Bytes 3/18/2010 08&#58;30&#58;50 AEHEUR.DLL &#58; 8.1.1.13 2470262 Bytes 3/18/2010 08&#58;30&#58;48 AEHELP.DLL &#58; 8.1.10.2 237941 Bytes 3/18/2010 08&#58;30&#58;21 AEGEN.DLL &#58; 8.1.2.2 373107 Bytes 3/18/2010 08&#58;30&#58;19 AEEMU.DLL &#58; 8.1.1.0 393587 Bytes 10/3/2009 08&#58;55&#58;56 AECORE.DLL &#58; 8.1.12.3 188789 Bytes 3/18/2010 08&#58;30&#58;14 AEBB.DLL &#58; 8.1.0.3 53618 Bytes 10/9/2008 19&#58;32&#58;40 AVWINLL.DLL &#58; 9.0.0.3 18177 Bytes 12/12/2008 13&#58;47&#58;59 AVPREF.DLL &#58; 9.0.3.0 44289 Bytes 9/9/2009 08&#58;27&#58;41 AVREP.DLL &#58; 8.0.0.7 159784 Bytes 2/18/2010 09&#58;27&#58;44 AVREG.DLL &#58; 9.0.0.0 36609 Bytes 12/5/2008 15&#58;32&#58;09 AVARKT.DLL &#58; 9.0.0.3 292609 Bytes 3/24/2009 20&#58;05&#58;41 AVEVTLOG.DLL &#58; 9.0.0.7 167169 Bytes 1/30/2009 15&#58;37&#58;08 SQLITE3.DLL &#58; 3.6.1.0 326401 Bytes 1/28/2009 20&#58;03&#58;49 SMTPLIB.DLL &#58; 9.2.0.25 28417 Bytes 2/2/2009 13&#58;21&#58;33 NETNT.DLL &#58; 9.0.0.0 11521 Bytes 12/5/2008 15&#58;32&#58;10 RCIMAGE.DLL &#58; 9.0.0.25 2438913 Bytes 5/15/2009 20&#58;39&#58;58 RCTEXT.DLL &#58; 9.0.73.0 86785 Bytes 11/20/2009 09&#58;28&#58;20 Configuration settings for the scan&#58; Jobname.............................&#58; Local Hard Disks Configuration file..................&#58; c&#58;\program files &#40;x86&#41;\avira\antivir desktop\alldiscs.avp Logging.............................&#58; low Primary action......................&#58; interactive Secondary action....................&#58; ignore Scan master boot sector.............&#58; on Scan boot sector....................&#58; on Boot sectors........................&#58; C&#58;, D&#58;, F&#58;, Process scan........................&#58; on Scan registry.......................&#58; on Search for rootkits.................&#58; off Integrity checking of system files..&#58; off Scan all files......................&#58; Intelligent file selection Scan archives.......................&#58; on Recursion depth.....................&#58; 20 Smart extensions....................&#58; on Macro heuristic.....................&#58; on File heuristic......................&#58; medium Start of the scan&#58; Friday, March 19, 2010 05&#58;00 The scan of running processes will be started Scan process &#39;avscan.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;avnotify.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;AAWTray.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;unsecapp.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;AAWService.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;EVEMon.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;firefox.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;Steam.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;wuauclt.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;wmiprvse.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;alg.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;nvsvc64.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;jusched.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;avgnt.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;PDVDServ.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;winampa.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;TeamSpeak.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;pidgin.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;Dropbox.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;ctfmon.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;daemon.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;ctfmon.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;LWEMon.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;cfp.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;RTHDCPL.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;rundll32.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;explorer.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;avguard.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;sched.exe&#39; - &#39;1&#39; Module&#40;s&#41; have been scanned Scan process &#39;spoolsv.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;cmdagent.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;svchost.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;lsass.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;services.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;winlogon.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;csrss.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned Scan process &#39;smss.exe&#39; - &#39;0&#39; Module&#40;s&#41; have been scanned 19 processes with 19 modules were scanned Starting master boot sector scan&#58; Master boot sector HD0 &#91;INFO&#93; No virus was found! Start scanning boot sectors&#58; Boot sector &#39;C&#58;\&#39; &#91;INFO&#93; No virus was found! Boot sector &#39;D&#58;\&#39; &#91;INFO&#93; No virus was found! Boot sector &#39;F&#58;\&#39; &#91;INFO&#93; No virus was found! Starting to scan executable files &#40;registry&#41;. The registry was scanned &#40; &#39;42&#39; files &#41;. Starting the file scan&#58; Begin scan in &#39;C&#58;\&#39; <The Workshop> C&#58;\pagefile.sys &#91;WARNING&#93; The file could not be opened! &#91;NOTE&#93; This file is a Windows system file. &#91;NOTE&#93; This file cannot be opened for scanning. C&#58;\Documents and Settings\Administrator\My Documents\Downloads\Elton John Collection\1999 - The Muse Soundtrack1 - Elton John - Driving Home.mp3 &#91;0&#93; Archive type&#58; CAB &#40;Microsoft&#41; --> msihnd.dll &#91;WARNING&#93; No further files can be extracted from this archive. The archive will be closed &#91;WARNING&#93; No further files can be extracted from this archive. The archive will be closed C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP413\A0074443.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076552.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076555.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076556.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076558.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076560.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076562.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076563.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076567.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076568.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076569.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076570.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076571.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076572.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan C&#58;\WINDOWS\system32\drivers\sptd.sys &#91;WARNING&#93; The file could not be opened! C&#58;\_OTM\MovedFiles2262010_103543\C_WINDOWS\SysWOW64\vonamaji.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan Begin scan in &#39;D&#58;\&#39; <The Arcade> Begin scan in &#39;F&#58;\&#39; <The Warehouse> Beginning disinfection&#58; C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP413\A0074443.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4bd37552.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076552.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f51e9f3.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076555.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f50d13b.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076556.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f56c6ab.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076558.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4fad08d3.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076560.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f57d963.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076562.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f52e18b.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076563.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4f55ce93.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076567.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d1908bb.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076568.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d18f0e3.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076569.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d1ff82b.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076570.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d1ee013.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076571.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d1de85b.qua&#39;! C&#58;\System Volume Information\_restore{B033583C-1F18-4DD2-9CE8-9220CD082F71}\RP419\A0076572.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4d1cd183.qua&#39;! C&#58;\_OTM\MovedFiles2262010_103543\C_WINDOWS\SysWOW64\vonamaji.dll &#91;DETECTION&#93; Is the TR/Vundo.Gen2 Trojan &#91;NOTE&#93; The file was moved to &#39;4c117591.qua&#39;! End of the scan&#58; Friday, March 19, 2010 08&#58;59 Used time&#58; 2&#58;03&#58;23 Hour&#40;s&#41; The scan has been done completely. 17901 Scanned directories 637281 Files were scanned 15 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 15 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 637264 Files not concerned 8587 Archives were scanned 4 Warnings 16 Notes[/code]
  4. The old error message stopped popping up, however, Avira found some new evil .dlls early this morning, which I think is the first automated scan that has completed since the last fix. I'll run the ESET scan today, but I figured I ought to post about this now, since I expect the ESET scan will take several hours.
  5. [code]All processes killed ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Upabifexeme deleted successfully. ========== COMMANDS ========== &#91;EMPTYTEMP&#93; User&#58; Administrator ->Temp folder emptied&#58; 417700920 bytes ->Temporary Internet Files folder emptied&#58; 13482759 bytes ->Java cache emptied&#58; 12463608 bytes ->FireFox cache emptied&#58; 58776965 bytes User&#58; All Users User&#58; Default User ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 33170 bytes User&#58; LocalService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 33170 bytes User&#58; NetworkService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 0 bytes %systemdrive% .tmp files removed&#58; 0 bytes %systemroot% .tmp files removed&#58; 0 bytes %systemroot%\System32 .tmp files removed&#58; 0 bytes %systemroot%\System32\drivers .tmp files removed&#58; 0 bytes Windows Temp folder emptied&#58; 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied&#58; 0 bytes RecycleBin emptied&#58; 33619245 bytes Total Files Cleaned = 511.00 mb OTM by OldTimer - Version 3.1.9.0 log created on 03172010_121405 Files moved on Reboot... File C&#58;\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\3204 not found! Registry entries deleted on Reboot...[/code] Kaspersky is not working for me. It caused Firefox to freeze up on me twice. Then I remembered the last time I used Kaspersky I had to use Internet Explorer instead of Firefox. When I tried that, it told me that it does not work under 64-bit operating systems. I'll try running the scan in firefox again tonight, and hope it doesn't freeze up after a few hour, but I'm not expecting any different results.
  6. Hey. Sorry, RL has been a little busy for me lately. The fix didn't work right the first time, and I thought I might have just been doing it wrong, but it still hasn't worked out. My OTS has a different window setup than your post implied. There's a separate "Custom Scans" from the "Paste Fix Here" window. I tried both, neither made a difference. Anyway, here is my latest scan. [code]&#91;code&#93; OTS logfile created on&#58; 3/16/2010 9&#58;52&#58;28 AM - Run 5 OTS by OldTimer - Version 3.1.22.0 Folder = C&#58;\Documents and Settings\Administrator\Desktop 64bit-Windows Server 2003 Service Pack 1 &#40;Version = 5.2.3790&#41; - Type = NTWorkstation Internet Explorer &#40;Version = 7.0.5730.13&#41; Locale&#58; 00000409 | Country&#58; United States | Language&#58; ENU | Date Format&#58; M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free Paging file location&#40;s&#41;&#58; C&#58;\pagefile.sys 2046 4092 &#91;binary data&#93; %SystemDrive% = C&#58; | %SystemRoot% = C&#58;\WINDOWS | %ProgramFiles% = C&#58;\Program Files &#40;x86&#41; Drive C&#58; | 195.31 Gb Total Space | 43.30 Gb Free Space | 22.17% Space Free | Partition Type&#58; NTFS Drive D&#58; | 292.97 Gb Total Space | 48.88 Gb Free Space | 16.68% Space Free | Partition Type&#58; NTFS Drive E&#58; | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type&#58; CDFS Drive F&#58; | 443.22 Gb Total Space | 122.67 Gb Free Space | 27.68% Space Free | Partition Type&#58; NTFS G&#58; Drive not present or media not loaded H&#58; Drive not present or media not loaded I&#58; Drive not present or media not loaded Computer Name&#58; THE-BL7D5N9D5A8 Current User Name&#58; Administrator Logged in as Administrator. Current Boot Mode&#58; Normal Scan Mode&#58; Current user Include 64bit Scans Company Name Whitelist&#58; On Skip Microsoft Files&#58; On File Age = 14 Days Quick Scan &#91;Processes - Safe List&#93; dropbox.exe -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> &#91;2010/02/26 01&#58;10&#58;20 | 021,979,992 | ---- | M&#93; &#40;&#41; ots.exe -> C&#58;\Documents and Settings\Administrator\Desktop\OTS.exe -> &#91;2010/02/21 01&#58;06&#58;15 | 000,632,320 | ---- | M&#93; &#40;OldTimer Tools&#41; aawservice.exe -> C&#58;\Program Files &#40;x86&#41;\Lavasoft\Ad-Aware\AAWService.exe -> &#91;2010/02/19 00&#58;16&#58;34 | 001,229,232 | ---- | M&#93; &#40;Lavasoft&#41; reader_sl.exe -> C&#58;\Program Files &#40;x86&#41;\Adobe\Reader 9.0\Reader\reader_sl.exe -> &#91;2009/12/22 02&#58;57&#58;28 | 000,035,760 | ---- | M&#93; &#40;Adobe Systems Incorporated&#41; adobearm.exe -> C&#58;\Program Files &#40;x86&#41;\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> &#91;2009/12/11 16&#58;57&#58;56 | 000,948,672 | R--- | M&#93; &#40;Adobe Systems Incorporated&#41; jusched.exe -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jusched.exe -> &#91;2009/10/11 05&#58;17&#58;36 | 000,149,280 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; jqs.exe -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jqs.exe -> &#91;2009/10/11 05&#58;17&#58;35 | 000,153,376 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; avguard.exe -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avguard.exe -> &#91;2009/07/21 14&#58;34&#58;33 | 000,185,089 | ---- | M&#93; &#40;Avira GmbH&#41; sched.exe -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\sched.exe -> &#91;2009/05/13 16&#58;48&#58;22 | 000,108,289 | ---- | M&#93; &#40;Avira GmbH&#41; daemon.exe -> C&#58;\Program Files &#40;x86&#41;\DAEMON Tools Lite\daemon.exe -> &#91;2009/04/23 09&#58;51&#58;38 | 000,691,656 | ---- | M&#93; &#40;DT Soft Ltd&#41; avgnt.exe -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avgnt.exe -> &#91;2009/03/02 13&#58;08&#58;47 | 000,209,153 | ---- | M&#93; &#40;Avira GmbH&#41; winampa.exe -> C&#58;\Program Files &#40;x86&#41;\Winamp\winampa.exe -> &#91;2008/08/03 19&#58;02&#58;20 | 000,036,352 | ---- | M&#93; &#40;&#41; rthdcpl.exe -> C&#58;\WINDOWS\RTHDCPL.exe -> &#91;2007/12/12 02&#58;55&#58;02 | 016,859,136 | R--- | M&#93; &#40;Realtek Semiconductor Corp.&#41; pidgin.exe -> C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe -> &#91;2007/12/07 14&#58;53&#58;28 | 000,044,658 | ---- | M&#93; &#40;The Pidgin developer community&#41; pdvdserv.exe -> C&#58;\Program Files &#40;x86&#41;\CyberLink\PowerDVD\PDVDServ.exe -> &#91;2006/12/06 19&#58;37&#58;40 | 000,069,216 | ---- | M&#93; &#40;Cyberlink Corp.&#41; richvideo.exe -> C&#58;\Program Files &#40;x86&#41;\CyberLink\Shared Files\RichVideo.exe -> &#91;2005/08/08 14&#58;54&#58;00 | 000,167,936 | ---- | M&#93; &#40;&#41; teamspeak.exe -> C&#58;\Program Files &#40;x86&#41;\Teamspeak2_RC2\TeamSpeak.exe -> &#91;2003/08/29 17&#58;13&#58;04 | 001,436,160 | ---- | M&#93; &#40;Dominating Bytes Design&#41; &#91;Modules - Safe List&#93; ots.exe -> C&#58;\Documents and Settings\Administrator\Desktop\OTS.exe -> &#91;2010/02/21 01&#58;06&#58;15 | 000,632,320 | ---- | M&#93; &#40;OldTimer Tools&#41; guard32.dll -> C&#58;\WINDOWS\SysWOW64\guard32.dll -> &#91;2009/03/08 19&#58;55&#58;49 | 000,155,384 | ---- | M&#93; &#40;&#41; wininet.dll -> C&#58;\WINDOWS\SysWOW64\wininet.dll -> &#91;2009/03/03 14&#58;43&#58;34 | 000,826,368 | ---- | M&#93; &#40;Microsoft Corporation&#41; normaliz.dll -> C&#58;\WINDOWS\SysWOW64\normaliz.dll -> &#91;2006/06/29 09&#58;05&#58;44 | 000,023,552 | ---- | M&#93; &#40;Microsoft Corporation&#41; comres.dll -> C&#58;\WINDOWS\SysWOW64\comres.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,796,672 | ---- | M&#93; &#40;Microsoft Corporation&#41; comdlg32.dll -> C&#58;\WINDOWS\SysWOW64\comdlg32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,281,088 | ---- | M&#93; &#40;Microsoft Corporation&#41; framedyn.dll -> C&#58;\WINDOWS\SysWOW64\wbem\framedyn.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,178,688 | ---- | M&#93; &#40;Microsoft Corporation&#41; msctfime.ime -> C&#58;\WINDOWS\SysWOW64\MSCTFIME.IME -> &#91;2005/03/25 08&#58;00&#58;00 | 000,177,152 | ---- | M&#93; &#40;Microsoft Corporation&#41; ws2help.dll -> C&#58;\WINDOWS\SysWOW64\ws2help.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,019,968 | ---- | M&#93; &#40;Microsoft Corporation&#41; fltlib.dll -> C&#58;\WINDOWS\SysWOW64\fltlib.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,017,408 | ---- | M&#93; &#40;Microsoft Corporation&#41; comctl32.dll -> C&#58;\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> &#91;2005/03/24 14&#58;29&#58;42 | 001,051,648 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#91;Win32 Services - Safe List&#93; 64bit-&#40;cmdAgent&#41; &#91;Auto | Running&#93; -> C&#58;\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> &#91;2009/03/08 19&#58;55&#58;05 | 001,043,192 | ---- | M&#93; &#40;&#41; &#40;Lavasoft Ad-Aware Service&#41; Lavasoft Ad-Aware Service &#91;Auto | Running&#93; -> C&#58;\Program Files &#40;x86&#41;\Lavasoft\Ad-Aware\AAWService.exe -> &#91;2010/02/19 00&#58;16&#58;34 | 001,229,232 | ---- | M&#93; &#40;Lavasoft&#41; &#40;JavaQuickStarterService&#41; Java Quick Starter &#91;Auto | Running&#93; -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jqs.exe -> &#91;2009/10/11 05&#58;17&#58;35 | 000,153,376 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; &#40;DAUpdaterSvc&#41; Dragon Age&#58; Origins - Content Updater &#91;On_Demand | Stopped&#93; -> D&#58;\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> &#91;2009/07/26 07&#58;43&#58;14 | 000,025,832 | ---- | M&#93; &#40;BioWare&#41; &#40;AntiVirService&#41; Avira AntiVir Guard &#91;Auto | Running&#93; -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avguard.exe -> &#91;2009/07/21 14&#58;34&#58;33 | 000,185,089 | ---- | M&#93; &#40;Avira GmbH&#41; &#40;AntiVirSchedulerService&#41; Avira AntiVir Scheduler &#91;Auto | Running&#93; -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\sched.exe -> &#91;2009/05/13 16&#58;48&#58;22 | 000,108,289 | ---- | M&#93; &#40;Avira GmbH&#41; &#40;clr_optimization_v2.0.50727_64&#41; .NET Runtime Optimization Service v2.0.50727_x64 &#91;On_Demand | Stopped&#93; -> C&#58;\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> &#91;2008/07/25 11&#58;13&#58;48 | 000,093,184 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#40;aspnet_state&#41; ASP.NET State Service &#91;On_Demand | Stopped&#93; -> C&#58;\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> &#91;2008/07/25 11&#58;13&#58;44 | 000,046,088 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#40;WMPNetworkSvc&#41; Windows Media Player Network Sharing Service &#91;On_Demand | Stopped&#93; -> C&#58;\Program Files &#40;x86&#41;\Windows Media Player\WMPNetwk.exe -> &#91;2006/10/18 20&#58;05&#58;24 | 000,913,408 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#40;RichVideo&#41; Cyberlink RichVideo Service&#40;CRVS&#41; &#91;Auto | Running&#93; -> C&#58;\Program Files &#40;x86&#41;\CyberLink\Shared Files\RichVideo.exe -> &#91;2005/08/08 14&#58;54&#58;00 | 000,167,936 | ---- | M&#93; &#40;&#41; &#40;IASJet&#41; IAS Jet Database Access &#91;On_Demand | Stopped&#93; -> C&#58;\WINDOWS\SysWOW64\iasrecst.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,162,816 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#40;helpsvc&#41; Help and Support &#91;Auto | Running&#93; -> C&#58;\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,077,824 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#91;Registry - Safe List&#93; < 64bit-Internet Explorer Settings &#91;HKEY_LOCAL_MACHINE\&#93; > -> -> HKEY_LOCAL_MACHINE\&#58; Main\\&#34;Local Page&#34; -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings &#91;HKEY_LOCAL_MACHINE\&#93; > -> -> HKEY_LOCAL_MACHINE\&#58; Main\\&#34;Local Page&#34; -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings &#91;HKEY_CURRENT_USER\&#93; > -> -> HKEY_CURRENT_USER\&#58; &#34;ProxyEnable&#34; -> 0 -> < FireFox Settings &#91;Prefs.js&#93; > -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}&#58;1.1.3 -> extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}&#58;0.8.20091209.4 -> extensions.enabledItems -> [email protected]&#58;1.0 -> extensions.enabledItems -> [email protected]&#58;1.5.1 -> extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}&#58;1.9.1 -> < FireFox Settings &#91;User.js&#93; > -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js -> < FireFox Extensions &#91;HKLM&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C&#58;\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} &#91;C&#58;\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}&#93; -> &#91;2010/02/25 20&#58;40&#58;28 | 000,000,000 | ---D | M&#93; HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C&#58;\Program Files &#40;x86&#41;\Mozilla Firefox\components &#91;C&#58;\PROGRAM FILES &#40;X86&#41;\MOZILLA FIREFOX\COMPONENTS&#93; -> &#91;2010/03/11 16&#58;20&#58;24 | 000,000,000 | ---D | M&#93; HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C&#58;\Program Files &#40;x86&#41;\Mozilla Firefox\plugins &#91;C&#58;\PROGRAM FILES &#40;X86&#41;\MOZILLA FIREFOX\PLUGINS&#93; -> &#91;2010/03/11 16&#58;20&#58;24 | 000,000,000 | ---D | M&#93; < FireFox Extensions &#91;User Folders&#93; > -> -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> &#91;2009/01/28 21&#58;22&#58;28 | 000,000,000 | ---D | M&#93; -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> &#91;2010/03/14 20&#58;49&#58;54 | 000,000,000 | ---D | M&#93; Adblock Plus -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> &#91;2010/01/09 23&#58;10&#58;23 | 000,000,000 | ---D | M&#93; Greasemonkey -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> &#91;2009/12/13 20&#58;24&#58;14 | 000,000,000 | ---D | M&#93; -> C&#58;\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> &#91;2010/01/21 01&#58;55&#58;20 | 000,000,000 | ---D | M&#93; < FireFox Extensions &#91;Program Folders&#93; > -> -> C&#58;\Program Files &#40;x86&#41;\Mozilla Firefox\extensions -> &#91;2010/03/14 20&#58;49&#58;54 | 000,000,000 | ---D | M&#93; Hosts file not found -> -> < BHO&#39;s &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} &#91;HKLM&#93; -> C&#58;\Program Files &#40;x86&#41;\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll &#91;Adobe PDF Link Helper&#93; -> &#91;2009/12/21 19&#58;27&#58;44 | 000,075,200 | ---- | M&#93; &#40;Adobe Systems Incorporated&#41; {DBC80044-A445-435b-BC74-9C25C1C588A9} &#91;HKLM&#93; -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jp2ssv.dll &#91;Java&#40;tm&#41; Plug-In 2 SSV Helper&#93; -> &#91;2009/10/11 05&#58;17&#58;29 | 000,041,760 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; {E7E6F031-17CE-4C07-BC86-EABFE594F69C} &#91;HKLM&#93; -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll &#91;JQSIEStartDetectorImpl Class&#93; -> &#91;2009/10/11 05&#58;17&#58;12 | 000,073,728 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; < 64bit-Run &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> &#34;Alcmtr&#34; -> C&#58;\WINDOWS\Alcmtr.exe &#91;ALCMTR.EXE&#93; -> &#91;2005/05/03 06&#58;43&#58;28 | 000,069,632 | R--- | M&#93; &#40;Realtek Semiconductor Corp.&#41; &#34;AlcWzrd&#34; -> C&#58;\WINDOWS\alcwzrd.exe &#91;ALCWZRD.EXE&#93; -> &#91;2006/05/04 04&#58;26&#58;36 | 002,808,832 | R--- | M&#93; &#40;RealTek Semicoductor Corp.&#41; &#34;COMODO Internet Security&#34; -> C&#58;\Program Files\Comodo\COMODO Internet Security\cfp.exe &#91;&#34;C&#58;\Program Files\Comodo\COMODO Internet Security\cfp.exe&#34; -h&#93; -> &#91;2009/03/08 19&#58;55&#58;15 | 009,247,480 | ---- | M&#93; &#40;&#41; &#34;NvCplDaemon&#34; -> C&#58;\WINDOWS\SysNative\NvCpl.DLL &#91;RUNDLL32.EXE C&#58;\WINDOWS\system32\NvCpl.dll,NvStartup&#93; -> File not found &#34;NvMediaCenter&#34; -> C&#58;\WINDOWS\SysNative\NvMcTray.DLL &#91;RUNDLL32.EXE C&#58;\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit&#93; -> File not found &#34;nwiz&#34; -> &#91;nwiz.exe /install&#93; -> File not found &#34;RTHDCPL&#34; -> C&#58;\WINDOWS\RTHDCPL.exe &#91;RTHDCPL.EXE&#93; -> &#91;2007/12/12 02&#58;55&#58;02 | 016,859,136 | R--- | M&#93; &#40;Realtek Semiconductor Corp.&#41; &#34;SkyTel&#34; -> C&#58;\WINDOWS\SkyTel.exe &#91;SkyTel.EXE&#93; -> &#91;2007/11/20 06&#58;15&#58;58 | 001,826,816 | R--- | M&#93; &#40;Realtek Semiconductor Corp.&#41; &#34;SoundMan&#34; -> C&#58;\WINDOWS\SoundMan.exe &#91;SOUNDMAN.EXE&#93; -> &#91;2006/07/21 04&#58;14&#58;36 | 000,086,016 | R--- | M&#93; &#40;Realtek Semiconductor Corp.&#41; &#34;Start WingMan Profiler&#34; -> C&#58;\Program Files\Logitech\Gaming Software\LWEMon.exe &#91;C&#58;\Program Files\Logitech\Gaming Software\LWEMon.exe /noui&#93; -> &#91;2008/04/04 14&#58;30&#58;28 | 000,120,328 | ---- | M&#93; &#40;Logitech Inc.&#41; < Run &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> &#34;Adobe ARM&#34; -> C&#58;\Program Files &#40;x86&#41;\Common Files\Adobe\ARM\1.0\AdobeARM.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Common Files\Adobe\ARM\1.0\AdobeARM.exe&#34;&#93; -> &#91;2009/12/11 16&#58;57&#58;56 | 000,948,672 | R--- | M&#93; &#40;Adobe Systems Incorporated&#41; &#34;Adobe Reader Speed Launcher&#34; -> C&#58;\Program Files &#40;x86&#41;\Adobe\Reader 9.0\Reader\Reader_sl.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Adobe\Reader 9.0\Reader\Reader_sl.exe&#34;&#93; -> &#91;2009/12/22 02&#58;57&#58;28 | 000,035,760 | ---- | M&#93; &#40;Adobe Systems Incorporated&#41; &#34;avgnt&#34; -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avgnt.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avgnt.exe&#34; /min&#93; -> &#91;2009/03/02 13&#58;08&#58;47 | 000,209,153 | ---- | M&#93; &#40;Avira GmbH&#41; &#34;LanguageShortcut&#34; -> C&#58;\Program Files &#40;x86&#41;\CyberLink\PowerDVD\Language\Language.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\CyberLink\PowerDVD\Language\Language.exe&#34;&#93; -> &#91;2006/12/05 23&#58;55&#58;32 | 000,054,832 | ---- | M&#93; &#40;&#41; &#34;QuickTime Task&#34; -> C&#58;\Program Files &#40;x86&#41;\QuickTime\qttask.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\QuickTime\qttask.exe&#34; -atboottime&#93; -> &#91;2009/05/26 17&#58;18&#58;30 | 000,413,696 | ---- | M&#93; &#40;Apple Inc.&#41; &#34;RemoteControl&#34; -> C&#58;\Program Files &#40;x86&#41;\CyberLink\PowerDVD\PDVDServ.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\CyberLink\PowerDVD\PDVDServ.exe&#34;&#93; -> &#91;2006/12/06 19&#58;37&#58;40 | 000,069,216 | ---- | M&#93; &#40;Cyberlink Corp.&#41; &#34;SunJavaUpdateSched&#34; -> C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jusched.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Java\jre6\bin\jusched.exe&#34;&#93; -> &#91;2009/10/11 05&#58;17&#58;36 | 000,149,280 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; &#34;Upabifexeme&#34; -> C&#58;\WINDOWS\ibatibuxerugug.DLL &#91;rundll32.exe &#34;C&#58;\WINDOWS\ibatibuxerugug.dll&#34;,Startup&#93; -> File not found &#34;WinampAgent&#34; -> C&#58;\Program Files &#40;x86&#41;\Winamp\winampa.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Winamp\winampa.exe&#34;&#93; -> &#91;2008/08/03 19&#58;02&#58;20 | 000,036,352 | ---- | M&#93; &#40;&#41; < Run &#91;HKEY_CURRENT_USER\&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> &#34;DAEMON Tools Lite&#34; -> C&#58;\Program Files &#40;x86&#41;\DAEMON Tools Lite\daemon.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\DAEMON Tools Lite\daemon.exe&#34; -autorun&#93; -> &#91;2009/04/23 09&#58;51&#58;38 | 000,691,656 | ---- | M&#93; &#40;DT Soft Ltd&#41; &#34;Paladin Antivirus&#34; -> C&#58;\Program Files &#40;x86&#41;\Paladin Antivirus\pav.exe &#91;&#34;C&#58;\Program Files &#40;x86&#41;\Paladin Antivirus\pav.exe&#34; -noscan&#93; -> File not found < Administrator Startup Folder > -> C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup -> C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> &#91;2010/02/26 01&#58;10&#58;20 | 021,979,992 | ---- | M&#93; &#40;&#41; C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe -> &#91;2007/12/07 14&#58;53&#58;28 | 000,044,658 | ---- | M&#93; &#40;The Pidgin developer community&#41; C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C&#58;\Program Files &#40;x86&#41;\Teamspeak2_RC2\TeamSpeak.exe -> &#91;2003/08/29 17&#58;13&#58;04 | 001,436,160 | ---- | M&#93; &#40;Dominating Bytes Design&#41; < All Users Startup Folder > -> C&#58;\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Software Policy Settings &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main \Main\\&#34;DisableFirstRunCustomize&#34; -> &#91;1&#93; -> File not found < CurrentVersion Policy Settings - Explorer &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\&#34;NoActiveDesktop&#34; -> &#91;1&#93; -> File not found \\&#34;HonorAutoRunSetting&#34; -> &#91;1&#93; -> File not found < CurrentVersion Policy Settings - System &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\&#34;EnableLUA&#34; -> &#91;0&#93; -> File not found < CurrentVersion Policy Settings - Explorer &#91;HKEY_CURRENT_USER&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\&#34;NoDriveTypeAutoRun&#34; -> &#91;145&#93; -> File not found < CurrentVersion Policy Settings - System &#91;HKEY_CURRENT_USER&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < 64bit-Internet Explorer Extensions &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}&#58;Exec &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Button&#58; Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; {FB5F1910-F110-11d2-BB9E-00C04F795683}&#58;Exec &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Menu&#58; Windows Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; < Internet Explorer Extensions &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}&#58;Exec &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Button&#58; Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; {FB5F1910-F110-11d2-BB9E-00C04F795683}&#58;Exec &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Menu&#58; Windows Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; < Internet Explorer Extensions &#91;HKEY_CURRENT_USER\&#93; > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 64bit-CmdMapping\\&#34;{FB5F1910-F110-11d2-BB9E-00C04F795683}&#34; &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; CmdMapping\\&#34;{FB5F1910-F110-11d2-BB9E-00C04F795683}&#34; &#91;HKLM&#93; -> C&#58;\Program Files\Messenger\msmsgs.exe &#91;Messenger&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 001,681,920 | ---- | M&#93; &#40;Microsoft Corporation&#41; < 64bit-Internet Explorer Plugins &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http&#58;//activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix &#34;&#34; -> http&#58;// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix &#34;&#34; -> http&#58;// < 64bit-Trusted Sites Domains &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> &#91;Key&#93; 1 domain&#40;s&#41; found. -> 1 domain&#40;s&#41; and sub-domain&#40;s&#41; not assigned to a zone. < 64bit-Trusted Sites Ranges &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> &#91;Key&#93; 0 range&#40;s&#41; found. -> < Trusted Sites Domains &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> &#91;Key&#93; 3 domain&#40;s&#41; found. -> 1 domain&#40;s&#41; and sub-domain&#40;s&#41; not assigned to a zone. < Trusted Sites Ranges &#91;HKEY_LOCAL_MACHINE\&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> &#91;Key&#93; 0 range&#40;s&#41; found. -> < Trusted Sites Domains &#91;HKEY_CURRENT_USER\&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> &#91;Key&#93; 5 domain&#40;s&#41; found. -> < Trusted Sites Ranges &#91;HKEY_CURRENT_USER\&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> &#91;Key&#93; 0 range&#40;s&#41; found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} &#91;HKLM&#93; -> http&#58;//java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab &#91;Java Plug-in 1.6.0_17&#93; -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} &#91;HKLM&#93; -> http&#58;//java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab &#91;Java Plug-in 1.6.0_17&#93; -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} &#91;HKLM&#93; -> http&#58;//java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab &#91;Java Plug-in 1.6.0_17&#93; -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} &#91;HKLM&#93; -> http&#58;//platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab &#91;Reg Error&#58; Key error.&#93; -> < Name Servers &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.10.1 -> < Name Servers &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1 &#40;Realtek RTL8169/8110 Family Gigabit Ethernet NIC&#41; -> < 64bit-Winlogon settings &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C&#58;\WINDOWS\explorer.exe -> &#91;2005/03/25 08&#58;00&#58;00 | 001,364,480 | ---- | M&#93; &#40;Microsoft Corporation&#41; *MultiFile Done* -> -> 64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> %SystemRoot%\system32\logonui.exe -> C&#58;\WINDOWS\SysNative\logonui.exe -> File not found *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> Control_RunDLL &#34;sysdm.cpl&#34; -> -> File not found *MultiFile Done* -> -> < Winlogon settings &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C&#58;\WINDOWS\SysWow64\explorer.exe -> &#91;2005/03/25 08&#58;00&#58;00 | 001,050,624 | ---- | M&#93; &#40;Microsoft Corporation&#41; *MultiFile Done* -> -> *System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> lsass.exe -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain -> -> File not found cryptnet -> -> File not found cscdll -> -> File not found dimsntfy -> -> File not found ScCertProp -> -> File not found Schedule -> -> File not found sclgntfy -> -> File not found SensLogn -> -> File not found termsrv -> -> File not found wlballoon -> -> File not found < Winlogon\Notify settings &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ScCertProp -> -> File not found Schedule -> -> File not found SensLogn -> -> File not found wlballoon -> -> File not found < 64bit-SSODL &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> &#34;{35CEC8A3-2BE6-11D2-8773-92E220524153}&#34; &#91;HKLM&#93; -> C&#58;\WINDOWS\SysNative\stobject.dll &#91;SysTray&#93; -> File not found &#34;{AAA288BA-9A4C-45B0-95D7-94D524869DB5}&#34; &#91;HKLM&#93; -> C&#58;\WINDOWS\SysNative\WPDShServiceObj.dll &#91;WPDShServiceObj&#93; -> File not found < SSODL &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> &#34;{267567d2-fbba-4019-94da-8470f88fb05d}&#34; &#91;HKLM&#93; -> Reg Error&#58; Key error. &#91;dedosasab&#93; -> File not found &#34;{705c8702-2953-4700-85e2-372ac8232866}&#34; &#91;HKLM&#93; -> Reg Error&#58; Key error. &#91;gikuvihid&#93; -> File not found &#34;{f4db9296-7c54-4444-bfea-4dc2d0073a57}&#34; &#91;HKLM&#93; -> Reg Error&#58; Key error. &#91;yiniketub&#93; -> File not found < 64bit-ShellExecuteHooks &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> &#34;{AEB6717E-7E19-11d0-97EE-00C04FD91972}&#34; &#91;HKLM&#93; -> &#91;&#93; -> File not found < SecurityProviders &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll -> -> File not found schannel.dll -> -> File not found digest.dll -> -> File not found msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> &#34;%windir%\system32\sessmgr.exe&#34; -> C&#58;\WINDOWS\SysWow64\sessmgr.exe &#91;%windir%\system32\sessmgr.exe&#58;*&#58;enabled&#58;@xpsp2res.dll,-22019&#93; -> File not found &#34;C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe&#34; -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe &#91;C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe&#58;*&#58;Enabled&#58;Dropbox&#93; -> &#91;2010/02/26 01&#58;10&#58;20 | 021,979,992 | ---- | M&#93; &#40;&#41; &#34;C&#58;\Documents and Settings\Administrator\Desktop\OTM.exe&#34; -> C&#58;\Documents and Settings\Administrator\Desktop\OTM.exe &#91;C&#58;\Documents and Settings\Administrator\Desktop\OTM.exe&#58;*&#58;Enabled&#58;OTM&#93; -> &#91;2010/02/26 11&#58;33&#58;49 | 000,504,832 | ---- | M&#93; &#40;OldTimer Tools&#41; &#34;C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avguard.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avguard.exe &#91;C&#58;\Program Files &#40;x86&#41;\Avira\AntiVir Desktop\avguard.exe&#58;*&#58;Enabled&#58;avguard&#93; -> &#91;2009/07/21 14&#58;34&#58;33 | 000,185,089 | ---- | M&#93; &#40;Avira GmbH&#41; &#34;C&#58;\Program Files &#40;x86&#41;\CCP\EVE\bin\ExeFile.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\CCP\EVE\bin\ExeFile.exe &#91;C&#58;\Program Files &#40;x86&#41;\CCP\EVE\bin\ExeFile.exe&#58;*&#58;Enabled&#58;CCP ExeFile&#93; -> &#91;2009/12/11 19&#58;37&#58;23 | 000,516,936 | ---- | M&#93; &#40;CCP hf.&#41; &#34;C&#58;\Program Files &#40;x86&#41;\Lavasoft\Ad-Aware\AAWTray.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\Lavasoft\Ad-Aware\AAWTray.exe &#91;C&#58;\Program Files &#40;x86&#41;\Lavasoft\Ad-Aware\AAWTray.exe&#58;*&#58;Enabled&#58;AAWTray&#93; -> &#91;2010/02/19 00&#58;16&#58;36 | 000,815,184 | ---- | M&#93; &#40;Lavasoft&#41; &#34;C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe &#91;C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe&#58;*&#58;Enabled&#58;Pidgin&#93; -> &#91;2007/12/07 14&#58;53&#58;28 | 000,044,658 | ---- | M&#93; &#40;The Pidgin developer community&#41; &#34;C&#58;\Program Files &#40;x86&#41;\RndLabs\BaboViolent 2\bv2.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\RndLabs\BaboViolent 2\bv2.exe &#91;C&#58;\Program Files &#40;x86&#41;\RndLabs\BaboViolent 2\bv2.exe&#58;*&#58;Enabled&#58;bv2&#93; -> &#91;2008/04/21 00&#58;13&#58;44 | 000,778,240 | ---- | M&#93; &#40;&#41; &#34;C&#58;\Program Files &#40;x86&#41;\SEGA\Medieval II Total War\medieval2.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\SEGA\Medieval II Total War\medieval2.exe &#91;C&#58;\Program Files &#40;x86&#41;\SEGA\Medieval II Total War\medieval2.exe&#58;*&#58;Enabled&#58;Medieval 2&#58; Total War&#93; -> &#91;2009/01/29 16&#58;20&#58;30 | 019,779,584 | ---- | M&#93; &#40;The Creative Assembly Ltd&#41; &#34;C&#58;\Program Files &#40;x86&#41;\uTorrent\uTorrent.exe&#34; -> C&#58;\Program Files &#40;x86&#41;\uTorrent\uTorrent.exe &#91;C&#58;\Program Files &#40;x86&#41;\uTorrent\uTorrent.exe&#58;*&#58;Enabled&#58;µTorrent&#93; -> &#91;2010/03/14 15&#58;47&#58;20 | 000,319,792 | ---- | M&#93; &#40;BitTorrent, Inc.&#41; &#34;C&#58;\WINDOWS\system32\dpvsetup.exe&#34; -> C&#58;\WINDOWS\SysWow64\dpvsetup.exe &#91;C&#58;\WINDOWS\system32\dpvsetup.exe&#58;*&#58;Enabled&#58;Microsoft DirectPlay Voice Test&#93; -> &#91;2005/03/25 08&#58;00&#58;00 | 000,083,968 | ---- | M&#93; &#40;Microsoft Corporation&#41; &#34;C&#58;\WINDOWS\SysWOW64\javaw.exe&#34; -> C&#58;\WINDOWS\SysWOW64\javaw.exe &#91;C&#58;\WINDOWS\SysWOW64\javaw.exe&#58;*&#58;Enabled&#58;javaw&#93; -> &#91;2009/10/11 05&#58;17&#58;32 | 000,145,184 | ---- | M&#93; &#40;Sun Microsystems, Inc.&#41; &#34;D&#58;\EVE\bin\ExeFile.exe&#34; -> D&#58;\EVE\bin\ExeFile.exe &#91;D&#58;\EVE\bin\ExeFile.exe&#58;*&#58;Enabled&#58;CCP ExeFile&#93; -> &#91;2008/12/05 12&#58;39&#58;22 | 000,513,280 | ---- | M&#93; &#40;CCP hf.&#41; &#34;D&#58;\Games\Anno 1404\tools\Anno4Web.exe&#34; -> D&#58;\Games\Anno 1404\tools\Anno4Web.exe &#91;D&#58;\Games\Anno 1404\tools\Anno4Web.exe&#58;*&#58;Enabled&#58;Anno4Web&#93; -> &#91;2009/05/23 16&#58;48&#58;00 | 001,320,232 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Games\Dark Oberon\dark-oberon.exe&#34; -> D&#58;\Games\Dark Oberon\dark-oberon.exe &#91;D&#58;\Games\Dark Oberon\dark-oberon.exe&#58;*&#58;Enabled&#58;dark-oberon&#93; -> &#91;2006/11/01 15&#58;10&#58;40 | 000,532,480 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Games\Dead Space\Dead Space.exe&#34; -> D&#58;\Games\Dead Space\Dead Space.exe &#91;D&#58;\Games\Dead Space\Dead Space.exe&#58;*&#58;Disabled&#58;Dead Space â„¢&#93; -> &#91;2008/11/01 10&#58;17&#58;11 | 013,733,888 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Games\Dragon Age\bin_ship\daorigins.exe&#34; -> D&#58;\Games\Dragon Age\bin_ship\daorigins.exe &#91;D&#58;\Games\Dragon Age\bin_ship\daorigins.exe&#58;*&#58;Enabled&#58;Dragon Age Origins Game&#93; -> &#91;2009/11/02 03&#58;57&#58;00 | 009,909,480 | ---- | M&#93; &#40;BioWare&#41; &#34;D&#58;\Games\Dragon Age\bin_ship\daupdatersvc.service.exe&#34; -> D&#58;\Games\Dragon Age\bin_ship\daupdatersvc.service.exe &#91;D&#58;\Games\Dragon Age\bin_ship\daupdatersvc.service.exe&#58;*&#58;Enabled&#58;Dragon Age Origins Updater&#93; -> &#91;2009/07/26 07&#58;43&#58;14 | 000,025,832 | ---- | M&#93; &#40;BioWare&#41; &#34;D&#58;\Games\Dragon Age\DAOriginsLauncher.exe&#34; -> D&#58;\Games\Dragon Age\DAOriginsLauncher.exe &#91;D&#58;\Games\Dragon Age\DAOriginsLauncher.exe&#58;*&#58;Enabled&#58;Dragon Age Origins Launcher&#93; -> &#91;2009/08/10 11&#58;59&#58;08 | 001,246,440 | ---- | M&#93; &#40;BioWare&#41; &#34;D&#58;\Games\Glest_3.2.2\glest.exe&#34; -> D&#58;\Games\Glest_3.2.2\glest.exe &#91;D&#58;\Games\Glest_3.2.2\glest.exe&#58;*&#58;Enabled&#58;glest&#93; -> &#91;2009/04/02 20&#58;03&#58;30 | 001,230,336 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Games\Kane and Lynch Dead Men\kaneandlynch.exe&#34; -> D&#58;\Games\Kane and Lynch Dead Men\kaneandlynch.exe &#91;D&#58;\Games\Kane and Lynch Dead Men\kaneandlynch.exe&#58;*&#58;Enabled&#58;Kane & Lynch&#58; Dead Men&#93; -> &#91;2007/11/10 21&#58;11&#58;24 | 007,542,024 | ---- | M&#93; &#40;Io Interactive A/S&#41; &#34;D&#58;\Games\Mass Effect\Binaries\MassEffect.exe&#34; -> D&#58;\Games\Mass Effect\Binaries\MassEffect.exe &#91;D&#58;\Games\Mass Effect\Binaries\MassEffect.exe&#58;*&#58;Enabled&#58;Mass Effect Game&#93; -> &#91;2008/05/29 18&#58;34&#58;19 | 048,956,922 | ---- | M&#93; &#40;BioWare&#41; &#34;D&#58;\Games\Mass Effect\MassEffectLauncher.exe&#34; -> D&#58;\Games\Mass Effect\MassEffectLauncher.exe &#91;D&#58;\Games\Mass Effect\MassEffectLauncher.exe&#58;*&#58;Enabled&#58;Mass Effect Launcher&#93; -> &#91;2008/05/07 12&#58;19&#58;36 | 000,730,344 | ---- | M&#93; &#40;BioWare&#41; &#34;D&#58;\Games\Operation Flashpoint - Dragon Rising\OFDR.exe&#34; -> D&#58;\Games\Operation Flashpoint - Dragon Rising\OFDR.exe &#91;D&#58;\Games\Operation Flashpoint - Dragon Rising\OFDR.exe&#58;*&#58;Enabled&#58;OF Dragon Rising&#93; -> &#91;2009/10/06 17&#58;22&#58;36 | 020,094,976 | ---- | M&#93; &#40;Codemasters Software Company Limited&#41; &#34;D&#58;\Games\Prototype\prototypef.exe&#34; -> D&#58;\Games\Prototype\prototypef.exe &#91;D&#58;\Games\Prototype\prototypef.exe&#58;*&#58;Enabled&#58;Prototype&#40;TM&#41;&#93; -> &#91;2009/06/09 14&#58;43&#58;00 | 002,269,232 | ---- | M&#93; &#40;Activision&#41; &#34;D&#58;\Games\Warcraft III\Warcraft III.exe&#34; -> D&#58;\Games\Warcraft III\Warcraft III.exe &#91;D&#58;\Games\Warcraft III\Warcraft III.exe&#58;*&#58;Enabled&#58;Warcraft III&#93; -> &#91;2009/04/14 17&#58;00&#58;10 | 000,274,432 | ---- | M&#93; &#40;Blizzard Entertainment&#41; &#34;D&#58;\Games\Wolfenstein\MP\Wolf2MP.exe&#34; -> D&#58;\Games\Wolfenstein\MP\Wolf2MP.exe &#91;D&#58;\Games\Wolfenstein\MP\Wolf2MP.exe&#58;*&#58;Enabled&#58;Wolfenstein&#40;TM&#41;&#93; -> &#91;2009/07/22 19&#58;46&#58;40 | 006,399,248 | ---- | M&#93; &#40;Activision&#41; &#34;D&#58;\Games\Wolfenstein\MP\Wolf2MPLite.exe&#34; -> D&#58;\Games\Wolfenstein\MP\Wolf2MPLite.exe &#91;D&#58;\Games\Wolfenstein\MP\Wolf2MPLite.exe&#58;*&#58;Enabled&#58;Wolfenstein&#40;TM&#41;&#93; -> &#91;2009/07/22 19&#58;46&#58;40 | 006,042,896 | ---- | M&#93; &#40;Activision&#41; &#34;D&#58;\Games\Worms Armageddon - New Edition\WA.exe&#34; -> D&#58;\Games\Worms Armageddon - New Edition\WA.exe &#91;D&#58;\Games\Worms Armageddon - New Edition\WA.exe&#58;*&#58;Enabled&#58;Worms Armageddon&#93; -> &#91;2007/07/05 12&#58;05&#58;59 | 004,378,624 | ---- | M&#93; &#40;Team17 Software Ltd&#41; &#34;D&#58;\Steam\Steam.exe&#34; -> D&#58;\Steam\Steam.exe &#91;D&#58;\Steam\Steam.exe&#58;*&#58;Enabled&#58;Steam&#93; -> &#91;2010/02/26 14&#58;30&#58;48 | 001,217,872 | ---- | M&#93; &#40;Valve Corporation&#41; &#34;D&#58;\Steam\steamapps\andre2account\the ship\ship.exe&#34; -> D&#58;\Steam\steamapps\andre2account\the ship\ship.exe &#91;D&#58;\Steam\steamapps\andre2account\the ship\ship.exe&#58;*&#58;Enabled&#58;ship&#93; -> &#91;2009/04/03 18&#58;46&#58;35 | 000,090,112 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe&#34; -> D&#58;\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe &#91;D&#58;\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe&#58;*&#58;Enabled&#58;AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo&#93; -> &#91;2009/10/19 20&#58;06&#58;33 | 000,049,152 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe&#34; -> D&#58;\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe &#91;D&#58;\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe&#58;*&#58;Enabled&#58;Batman&#58; Arkham Asylum - License Revoking Tool&#93; -> &#91;2010/03/13 23&#58;10&#58;45 | 006,969,480 | ---- | M&#93; &#40;Sony DADC Austria AG&#41; &#34;D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe&#34; -> D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe &#91;D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe&#58;*&#58;Enabled&#58;Batman&#58; Arkham Asylum&#93; -> &#91;2010/03/13 23&#58;09&#58;54 | 008,578,312 | ---- | M&#93; &#40;Rocksteady Studios Ltd&#41; &#34;D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe&#34; -> D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe &#91;D&#58;\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe&#58;*&#58;Enabled&#58;BmGame&#93; -> &#91;2010/03/13 23&#58;44&#58;43 | 040,387,848 | ---- | M&#93; &#40;Rocksteady Studios Ltd&#41; &#34;D&#58;\Steam\steamapps\common\battleforge\Bootstrapper.exe&#34; -> D&#58;\Steam\steamapps\common\battleforge\Bootstrapper.exe &#91;D&#58;\Steam\steamapps\common\battleforge\Bootstrapper.exe&#58;*&#58;Enabled&#58;Battleforge Demo&#93; -> &#91;2009/08/13 13&#58;12&#58;36 | 005,797,240 | ---- | M&#93; &#40;EA Phenomic&#41; &#34;D&#58;\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe&#34; -> D&#58;\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe &#91;D&#58;\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe&#58;*&#58;Enabled&#58;Bioshock&#93; -> &#91;2009/10/23 22&#58;57&#58;26 | 009,932,800 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe&#34; -> D&#58;\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe &#91;D&#58;\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe&#58;*&#58;Enabled&#58;Blueberry Garden Demo&#93; -> &#91;2009/12/14 01&#58;02&#58;01 | 000,160,256 | ---- | M&#93; &#40;Erik Svedäng&#41; &#34;D&#58;\Steam\steamapps\common\champions online\Champions Online.exe&#34; -> D&#58;\Steam\steamapps\common\champions online\Champions Online.exe &#91;D&#58;\Steam\steamapps\common\champions online\Champions Online.exe&#58;*&#58;Enabled&#58;Cryptic Game Launcher&#93; -> File not found &#34;D&#58;\Steam\steamapps\common\company of heroes\help.htm&#34; -> D&#58;\Steam\steamapps\common\company of heroes\help.htm &#91;D&#58;\Steam\steamapps\common\company of heroes\help.htm&#58;*&#58;Enabled&#58;Company of Heroes&#93; -> &#91;2009/04/16 14&#58;00&#58;27 | 000,000,213 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\company of heroes\RelicCOH.exe&#34; -> D&#58;\Steam\steamapps\common\company of heroes\RelicCOH.exe &#91;D&#58;\Steam\steamapps\common\company of heroes\RelicCOH.exe&#58;*&#58;Enabled&#58;Company of Heroes&#93; -> &#91;2009/12/24 03&#58;10&#58;25 | 009,266,056 | ---- | M&#93; &#40;THQ Canada Inc.&#41; &#34;D&#58;\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe&#34; -> D&#58;\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe &#91;D&#58;\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe&#58;*&#58;Enabled&#58;Dangerous High School Girls in Trouble&#93; -> &#91;2009/12/24 01&#58;15&#58;36 | 000,038,400 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\fallout 3\Fallout3.exe&#34; -> D&#58;\Steam\steamapps\common\fallout 3\Fallout3.exe &#91;D&#58;\Steam\steamapps\common\fallout 3\Fallout3.exe&#58;*&#58;Enabled&#58;Fallout3&#93; -> &#91;2009/08/14 23&#58;02&#58;52 | 015,044,024 | ---- | M&#93; &#40;Bethesda Softworks&#41; &#34;D&#58;\Steam\steamapps\common\fallout 3\FalloutLauncher.exe&#34; -> D&#58;\Steam\steamapps\common\fallout 3\FalloutLauncher.exe &#91;D&#58;\Steam\steamapps\common\fallout 3\FalloutLauncher.exe&#58;*&#58;Enabled&#58;Fallout 3&#93; -> &#91;2009/01/28 21&#58;47&#58;38 | 001,900,544 | ---- | M&#93; &#40;Bethesda Softworks&#41; &#34;D&#58;\Steam\steamapps\common\just cause 2 demo\JustCause2.exe&#34; -> D&#58;\Steam\steamapps\common\just cause 2 demo\JustCause2.exe &#91;D&#58;\Steam\steamapps\common\just cause 2 demo\JustCause2.exe&#58;*&#58;Enabled&#58;Just Cause 2 Demo&#93; -> &#91;2010/03/11 14&#58;28&#58;08 | 014,547,744 | ---- | M&#93; &#40;Avalanche Studios&#41; &#34;D&#58;\Steam\steamapps\common\just cause\JCSetup.exe&#34; -> D&#58;\Steam\steamapps\common\just cause\JCSetup.exe &#91;D&#58;\Steam\steamapps\common\just cause\JCSetup.exe&#58;*&#58;Enabled&#58;Just Cause&#93; -> &#91;2010/03/14 01&#58;22&#58;20 | 000,196,608 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\just cause\JustCause.exe&#34; -> D&#58;\Steam\steamapps\common\just cause\JustCause.exe &#91;D&#58;\Steam\steamapps\common\just cause\JustCause.exe&#58;*&#58;Enabled&#58;Just Cause&#93; -> &#91;2010/03/14 01&#58;27&#58;21 | 001,846,272 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\killingfloor\System\KillingFloor.exe&#34; -> D&#58;\Steam\steamapps\common\killingfloor\System\KillingFloor.exe &#91;D&#58;\Steam\steamapps\common\killingfloor\System\KillingFloor.exe&#58;*&#58;Enabled&#58;Killing Floor&#93; -> &#91;2009/11/04 22&#58;05&#58;47 | 000,192,512 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe&#34; -> D&#58;\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe &#91;D&#58;\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe&#58;*&#58;Enabled&#58;left4dead2&#93; -> &#91;2009/11/03 20&#58;51&#58;14 | 000,385,024 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\left 4 dead 2\left4dead2.exe&#34; -> D&#58;\Steam\steamapps\common\left 4 dead 2\left4dead2.exe &#91;D&#58;\Steam\steamapps\common\left 4 dead 2\left4dead2.exe&#58;*&#58;Enabled&#58;Left 4 Dead 2&#93; -> &#91;2009/11/17 09&#58;47&#58;27 | 000,385,024 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\left 4 dead\left4dead.exe&#34; -> D&#58;\Steam\steamapps\common\left 4 dead\left4dead.exe &#91;D&#58;\Steam\steamapps\common\left 4 dead\left4dead.exe&#58;*&#58;Enabled&#58;Left 4 Dead&#93; -> &#91;2009/04/22 11&#58;10&#58;00 | 000,098,304 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe&#34; -> D&#58;\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe &#91;D&#58;\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe&#58;*&#58;Enabled&#58;Oddworld&#58; Abe&#39;s Exoddus&#93; -> &#91;2009/12/24 01&#58;34&#58;50 | 002,289,664 | ---- | M&#93; &#40;Oddworld Inhabitants, Inc.&#41; &#34;D&#58;\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe&#34; -> D&#58;\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe &#91;D&#58;\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe&#58;*&#58;Enabled&#58;Oddworld&#58; Abe&#39;s Oddysee&#93; -> &#91;2009/12/24 03&#58;21&#58;37 | 001,132,032 | ---- | M&#93; &#40;Oddworld Inhabitants, Inc.&#41; &#34;D&#58;\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe&#34; -> D&#58;\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe &#91;D&#58;\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe&#58;*&#58;Enabled&#58;R.U.S.E. Beta&#93; -> &#91;2010/03/11 19&#58;24&#58;45 | 024,486,912 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\common\raycatcher demo\Raycatcher.exe&#34; -> D&#58;\Steam\steamapps\common\raycatcher demo\Raycatcher.exe &#91;D&#58;\Steam\steamapps\common\raycatcher demo\Raycatcher.exe&#58;*&#58;Enabled&#58;Raycatcher Demo&#93; -> &#91;2009/04/18 16&#58;14&#58;05 | 002,287,104 | ---- | M&#93; &#40;GarageGames&#41; &#34;D&#58;\Steam\steamapps\common\time gentlemen, please!\TGP.exe&#34; -> D&#58;\Steam\steamapps\common\time gentlemen, please!\TGP.exe &#91;D&#58;\Steam\steamapps\common\time gentlemen, please!\TGP.exe&#58;*&#58;Enabled&#58;Time Gentlemen, Please!&#93; -> &#91;2010/01/10 19&#58;46&#58;02 | 074,077,811 | ---- | M&#93; &#40;Chris Jones&#41; &#34;D&#58;\Steam\steamapps\common\time gentlemen, please!\winsetup.exe&#34; -> D&#58;\Steam\steamapps\common\time gentlemen, please!\winsetup.exe &#91;D&#58;\Steam\steamapps\common\time gentlemen, please!\winsetup.exe&#58;*&#58;Enabled&#58;Time Gentlemen, Please!&#93; -> &#91;2010/01/10 19&#58;45&#58;15 | 000,110,612 | ---- | M&#93; &#40;Chris Jones&#41; &#34;D&#58;\Steam\steamapps\common\tomb raider anniversary\tra.exe&#34; -> D&#58;\Steam\steamapps\common\tomb raider anniversary\tra.exe &#91;D&#58;\Steam\steamapps\common\tomb raider anniversary\tra.exe&#58;*&#58;Enabled&#58;Tomb Raider&#58; Anniversary&#93; -> &#91;2009/04/03 18&#58;46&#58;33 | 001,170,944 | ---- | M&#93; &#40;Eidos Inc.&#41; &#34;D&#58;\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe&#34; -> D&#58;\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe &#91;D&#58;\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe&#58;*&#58;Enabled&#58;DOW2&#93; -> File not found &#34;D&#58;\Steam\steamapps\common\world of goo\WorldOfGoo.exe&#34; -> D&#58;\Steam\steamapps\common\world of goo\WorldOfGoo.exe &#91;D&#58;\Steam\steamapps\common\world of goo\WorldOfGoo.exe&#58;*&#58;Enabled&#58;World of Goo&#93; -> &#91;2009/03/08 19&#58;31&#58;13 | 002,203,648 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\age of chivalry\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\age of chivalry\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\age of chivalry\hl2.exe&#58;*&#58;Disabled&#58;hl2&#93; -> &#91;2009/12/26 13&#58;08&#58;01 | 000,098,304 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\counter-strike source\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\counter-strike source\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\counter-strike source\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2009/12/14 11&#58;37&#58;06 | 000,106,496 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\day of defeat source\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\day of defeat source\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\day of defeat source\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2010/03/15 20&#58;00&#58;13 | 000,103,736 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\dystopia\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\dystopia\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\dystopia\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2009/03/04 01&#58;08&#58;33 | 000,106,496 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\eternal-silence\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\eternal-silence\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\eternal-silence\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2009/02/20 13&#58;24&#58;33 | 000,106,496 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]ail.com\pirates, vikings, and knights ii\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2010/02/14 22&#58;25&#58;43 | 000,098,304 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\smashball\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\smashball\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\smashball\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> &#91;2009/08/12 15&#58;33&#58;52 | 000,098,304 | ---- | M&#93; &#40;&#41; &#34;D&#58;\Steam\steamapps\[email protected]\team fortress 2\hl2.exe&#34; -> D&#58;\Steam\steamapps\[email protected]\team fortress 2\hl2.exe &#91;D&#58;\Steam\steamapps\[email protected]\team fortress 2\hl2.exe&#58;*&#58;Enabled&#58;hl2&#93; -> File not found < SafeBoot AlternateShell &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting &#91;HKEY_LOCAL_MACHINE&#93;> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> &#34;AutoRun&#34; -> 1 -> &#34;DisplayName&#34; -> CD-ROM Driver -> &#34;ImagePath&#34; -> C&#58;\WINDOWS\SysNative\DRIVERS\cdrom.sys &#91;system32\DRIVERS\cdrom.sys&#93; -> File not found < Drives with AutoRun files > -> -> C&#58;\AUTOEXEC.BAT &#91;&#93; -> C&#58;\AUTOEXEC.BAT &#91; NTFS &#93; -> &#91;2009/01/28 21&#58;14&#58;31 | 000,000,000 | ---- | M&#93; &#40;&#41; E&#58;\Autorun.inf &#91;&#91;autorun&#93; | Open=demo32.exe | Icon=Lws.Ico | &#93; -> E&#58;\Autorun.inf &#91; CDFS &#93; -> &#91;2007/10/15 15&#58;03&#58;27 | 000,000,040 | R--- | M&#93; &#40;&#41; < MountPoints2 &#91;HKEY_CURRENT_USER&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\&#34;&#34; -> &#91;AutoRun&#93; -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\&#34;&#34; -> &#91;Auto&Play&#93; -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\&#34;&#34; -> H&#58;\LaunchU3.exe &#91;H&#58;\LaunchU3.exe -a&#93; -> File not found \{885b927e-a78c-11de-83d9-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\&#34;&#34; -> &#91;AutoRun&#93; -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\&#34;&#34; -> &#91;Auto&Play&#93; -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\&#91;command&#93;\command -> 64bit-comfile &#91;open&#93; -> &#34;%1&#34; %* -> File not found 64bit-exefile &#91;open&#93; -> &#34;%1&#34; %* -> File not found comfile &#91;open&#93; -> &#34;%1&#34; %* -> exefile &#91;open&#93; -> &#34;%1&#34; %* -> &#91;Files/Folders - Created Within 14 Days&#93; Comical -> C&#58;\Program Files &#40;x86&#41;\Comical -> &#91;2010/03/14 23&#58;36&#58;47 | 000,000,000 | ---D | C&#93; JustCause -> C&#58;\Documents and Settings\Administrator\My Documents\JustCause -> &#91;2010/03/14 15&#58;03&#58;51 | 000,000,000 | ---D | C&#93; _OTS -> C&#58;\_OTS -> &#91;2010/03/12 20&#58;16&#58;34 | 000,000,000 | ---D | C&#93; RootRepeal.exe -> C&#58;\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> &#91;2010/03/04 11&#58;29&#58;55 | 000,472,064 | ---- | C&#93; &#40; &#41; Microsoft -> C&#58;\Documents and Settings\LocalService\Application Data\Microsoft -> &#91;2009/10/29 15&#58;31&#58;04 | 000,000,000 | --SD | M&#93; Microsoft -> C&#58;\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93; Microsoft -> C&#58;\Documents and Settings\NetworkService\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93; Microsoft -> C&#58;\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93; &#91;Files/Folders - Modified Within 14 Days&#93; Ad-Aware Update &#40;Weekly&#41;.job -> C&#58;\WINDOWS\tasks\Ad-Aware Update &#40;Weekly&#41;.job -> &#91;2010/03/16 09&#58;53&#58;52 | 000,000,496 | ---- | M&#93; &#40;&#41; SA.DAT -> C&#58;\WINDOWS\tasks\SA.DAT -> &#91;2010/03/16 09&#58;51&#58;57 | 000,000,006 | -H-- | M&#93; &#40;&#41; bootstat.dat -> C&#58;\WINDOWS\bootstat.dat -> &#91;2010/03/16 09&#58;51&#58;56 | 000,002,048 | --S- | M&#93; &#40;&#41; NTUSER.DAT -> C&#58;\Documents and Settings\Administrator\NTUSER.DAT -> &#91;2010/03/16 09&#58;50&#58;42 | 018,350,080 | -H-- | M&#93; &#40;&#41; ntuser.ini -> C&#58;\Documents and Settings\Administrator\ntuser.ini -> &#91;2010/03/16 09&#58;50&#58;42 | 000,000,178 | -HS- | M&#93; &#40;&#41; PUTTY.RND -> C&#58;\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> &#91;2010/03/16 00&#58;32&#58;49 | 000,000,600 | ---- | M&#93; &#40;&#41; .recently-used.xbel -> C&#58;\Documents and Settings\Administrator\.recently-used.xbel -> &#91;2010/03/15 23&#58;14&#58;51 | 000,005,761 | ---- | M&#93; &#40;&#41; DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C&#58;\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> &#91;2010/03/15 23&#58;14&#58;40 | 000,062,976 | ---- | M&#93; &#40;&#41; 6416_124306430616_628425616_2338583_6738809_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\6416_124306430616_628425616_2338583_6738809_n.jpg -> &#91;2010/03/09 18&#58;51&#58;16 | 000,086,213 | ---- | M&#93; &#40;&#41; 8127_152408343582_627158582_2838317_4272532_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\8127_152408343582_627158582_2838317_4272532_n.jpg -> &#91;2010/03/09 18&#58;49&#58;32 | 000,030,257 | ---- | M&#93; &#40;&#41; EVEMon_Settings_2138.xml.bak -> C&#58;\Documents and Settings\Administrator\My Documents\EVEMon_Settings_2138.xml.bak -> &#91;2010/03/09 17&#58;58&#58;34 | 000,326,163 | ---- | M&#93; &#40;&#41; Adobe Reader 9.lnk -> C&#58;\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> &#91;2010/03/05 14&#58;42&#58;10 | 000,001,771 | ---- | M&#93; &#40;&#41; SCP-080.rtf -> C&#58;\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> &#91;2010/03/05 13&#58;44&#58;02 | 000,003,192 | ---- | M&#93; &#40;&#41; RootRepeal.exe -> C&#58;\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> &#91;2010/03/04 11&#58;29&#58;55 | 000,472,064 | ---- | M&#93; &#40; &#41; mbr.exe -> C&#58;\Documents and Settings\Administrator\Desktop\mbr.exe -> &#91;2010/03/03 11&#58;49&#58;25 | 000,077,312 | ---- | M&#93; &#40;&#41; 18 C&#58;\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C&#58;\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> &#91;Files - No Company Name&#93; .recently-used.xbel -> C&#58;\Documents and Settings\Administrator\.recently-used.xbel -> &#91;2010/03/15 23&#58;14&#58;51 | 000,005,761 | ---- | C&#93; &#40;&#41; EVEMon_Settings_2138.xml.bak -> C&#58;\Documents and Settings\Administrator\My Documents\EVEMon_Settings_2138.xml.bak -> &#91;2010/03/09 19&#58;53&#58;54 | 000,326,163 | ---- | C&#93; &#40;&#41; 6416_124306430616_628425616_2338583_6738809_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\6416_124306430616_628425616_2338583_6738809_n.jpg -> &#91;2010/03/09 18&#58;51&#58;16 | 000,086,213 | ---- | C&#93; &#40;&#41; 8127_152408343582_627158582_2838317_4272532_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\8127_152408343582_627158582_2838317_4272532_n.jpg -> &#91;2010/03/09 18&#58;49&#58;32 | 000,030,257 | ---- | C&#93; &#40;&#41; gmer.exe -> C&#58;\Documents and Settings\Administrator\Desktop\gmer.exe -> &#91;2010/03/08 00&#58;46&#58;20 | 000,293,376 | ---- | C&#93; &#40;&#41; SCP-080.rtf -> C&#58;\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> &#91;2010/03/05 13&#58;44&#58;02 | 000,003,192 | ---- | C&#93; &#40;&#41; mbr.exe -> C&#58;\Documents and Settings\Administrator\Desktop\mbr.exe -> &#91;2010/03/03 11&#58;49&#58;23 | 000,077,312 | ---- | C&#93; &#40;&#41; xlive.dll.cat -> C&#58;\WINDOWS\SysWow64\xlive.dll.cat -> &#91;2009/07/14 18&#58;15&#58;00 | 000,178,432 | ---- | C&#93; &#40;&#41; WORDPAD.INI -> C&#58;\WINDOWS\WORDPAD.INI -> &#91;2009/05/25 22&#58;44&#58;55 | 000,000,754 | ---- | C&#93; &#40;&#41; WA.INI -> C&#58;\WINDOWS\WA.INI -> &#91;2009/05/23 23&#58;43&#58;42 | 000,000,122 | ---- | C&#93; &#40;&#41; wininit.ini -> C&#58;\WINDOWS\wininit.ini -> &#91;2009/03/10 11&#58;25&#58;50 | 000,000,238 | ---- | C&#93; &#40;&#41; BlendSettings.ini -> C&#58;\WINDOWS\BlendSettings.ini -> &#91;2009/02/20 15&#58;32&#58;42 | 000,000,023 | ---- | C&#93; &#40;&#41; FoxImager.dll -> C&#58;\WINDOWS\SysWow64\FoxImager.dll -> &#91;2009/02/17 19&#58;29&#58;59 | 000,323,584 | ---- | C&#93; &#40;&#41; PerfStringBackup.INI -> C&#58;\WINDOWS\SysWow64\PerfStringBackup.INI -> &#91;2009/01/29 01&#58;16&#58;32 | 000,553,690 | ---- | C&#93; &#40;&#41; Ascd_tmp.ini -> C&#58;\WINDOWS\Ascd_tmp.ini -> &#91;2009/01/28 22&#58;03&#58;03 | 000,006,274 | ---- | C&#93; &#40;&#41; ASUSHWIO.SYS -> C&#58;\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> &#91;2009/01/28 22&#58;02&#58;55 | 000,010,288 | ---- | C&#93; &#40;&#41; guard32.dll -> C&#58;\WINDOWS\SysWow64\guard32.dll -> &#91;2009/01/28 21&#58;30&#58;25 | 000,155,384 | ---- | C&#93; &#40;&#41; nview.dll -> C&#58;\WINDOWS\SysWow64\nview.dll -> &#91;2009/01/15 09&#58;19&#58;00 | 001,507,328 | ---- | C&#93; &#40;&#41; nvwimg.dll -> C&#58;\WINDOWS\SysWow64\nvwimg.dll -> &#91;2009/01/15 09&#58;19&#58;00 | 001,101,824 | ---- | C&#93; &#40;&#41; qt-dx331.dll -> C&#58;\WINDOWS\SysWow64\qt-dx331.dll -> &#91;2008/11/06 12&#58;37&#58;32 | 003,596,288 | ---- | C&#93; &#40;&#41; physxcudart_20.dll -> C&#58;\WINDOWS\SysWow64\physxcudart_20.dll -> &#91;2008/10/07 10&#58;13&#58;30 | 000,197,912 | ---- | C&#93; &#40;&#41; AgCPanelTraditionalChinese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> &#91;2008/10/07 10&#58;13&#58;22 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelSwedish.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSwedish.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelSpanish.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSpanish.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelSimplifiedChinese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelPortugese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelPortugese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelKorean.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelKorean.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelJapanese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelJapanese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelGerman.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelGerman.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; AgCPanelFrench.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelFrench.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41; GlobalUserInterface.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> &#91;2006/06/29 15&#58;58&#58;52 | 000,030,808 | ---- | C&#93; &#40;&#41; GlobalSansSerif.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> &#91;2006/06/29 15&#58;53&#58;56 | 000,026,489 | ---- | C&#93; &#40;&#41; GlobalSerif.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalSerif.CompositeFont -> &#91;2006/04/18 16&#58;39&#58;28 | 000,029,779 | ---- | C&#93; &#40;&#41; GlobalMonospace.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> &#91;2006/04/18 16&#58;39&#58;28 | 000,026,040 | ---- | C&#93; &#40;&#41; quartz.dll -> C&#58;\WINDOWS\SysWow64\quartz.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 001,291,264 | ---- | C&#93; &#40;&#41; qedwipes.dll -> C&#58;\WINDOWS\SysWow64\qedwipes.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,733,696 | ---- | C&#93; &#40;&#41; qedit.dll -> C&#58;\WINDOWS\SysWow64\qedit.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,512,512 | ---- | C&#93; &#40;&#41; dxmasf.dll -> C&#58;\WINDOWS\SysWow64\dxmasf.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,498,742 | ---- | C&#93; &#40;&#41; encdec.dll -> C&#58;\WINDOWS\SysWow64\encdec.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,396,288 | ---- | C&#93; &#40;&#41; qdvd.dll -> C&#58;\WINDOWS\SysWow64\qdvd.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,385,536 | ---- | C&#93; &#40;&#41; msjetoledb40.dll -> C&#58;\WINDOWS\SysWow64\msjetoledb40.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,355,112 | ---- | C&#93; &#40;&#41; qdv.dll -> C&#58;\WINDOWS\SysWow64\qdv.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,279,040 | ---- | C&#93; &#40;&#41; sbe.dll -> C&#58;\WINDOWS\SysWow64\sbe.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,276,992 | ---- | C&#93; &#40;&#41; ir32_32.dll -> C&#58;\WINDOWS\SysWow64\ir32_32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,199,168 | ---- | C&#93; &#40;&#41; qcap.dll -> C&#58;\WINDOWS\SysWow64\qcap.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,192,512 | ---- | C&#93; &#40;&#41; msencode.dll -> C&#58;\WINDOWS\SysWow64\msencode.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,114,688 | ---- | C&#93; &#40;&#41; amstream.dll -> C&#58;\WINDOWS\SysWow64\amstream.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,072,704 | ---- | C&#93; &#40;&#41; mciqtz32.dll -> C&#58;\WINDOWS\SysWow64\mciqtz32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,062,464 | ---- | C&#93; &#40;&#41; devenum.dll -> C&#58;\WINDOWS\SysWow64\devenum.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,061,440 | ---- | C&#93; &#40;&#41; tsd32.dll -> C&#58;\WINDOWS\SysWow64\tsd32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,016,896 | ---- | C&#93; &#40;&#41; msdmo.dll -> C&#58;\WINDOWS\SysWow64\msdmo.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,014,336 | ---- | C&#93; &#40;&#41; msdxmlc.dll -> C&#58;\WINDOWS\SysWow64\msdxmlc.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,004,126 | ---- | C&#93; &#40;&#41; &#91;File - Lop Check&#93; .purple -> C&#58;\Documents and Settings\Administrator\Application Data\.purple -> &#91;2010/03/16 09&#58;53&#58;31 | 000,000,000 | ---D | M&#93; Bioshock -> C&#58;\Documents and Settings\Administrator\Application Data\Bioshock -> &#91;2010/02/07 21&#58;14&#58;34 | 000,000,000 | ---D | M&#93; DAEMON Tools -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools -> &#91;2009/01/29 10&#58;38&#58;28 | 000,000,000 | ---D | M&#93; DAEMON Tools Lite -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> &#91;2009/10/30 15&#58;08&#58;50 | 000,000,000 | ---D | M&#93; DAEMON Tools Pro -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> &#91;2009/01/29 14&#58;48&#58;19 | 000,000,000 | ---D | M&#93; Dropbox -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox -> &#91;2010/03/16 09&#58;52&#58;25 | 000,000,000 | ---D | M&#93; EVEMon -> C&#58;\Documents and Settings\Administrator\Application Data\EVEMon -> &#91;2010/03/09 19&#58;54&#58;23 | 000,000,000 | ---D | M&#93; gtk-2.0 -> C&#58;\Documents and Settings\Administrator\Application Data\gtk-2.0 -> &#91;2010/03/11 11&#58;05&#58;26 | 000,000,000 | ---D | M&#93; leafChat -> C&#58;\Documents and Settings\Administrator\Application Data\leafChat -> &#91;2010/03/15 18&#58;02&#58;22 | 000,000,000 | ---D | M&#93; LucasArts -> C&#58;\Documents and Settings\Administrator\Application Data\LucasArts -> &#91;2009/07/17 19&#58;25&#58;25 | 000,000,000 | ---D | M&#93; Mount&Blade -> C&#58;\Documents and Settings\Administrator\Application Data\Mount&Blade -> &#91;2009/02/02 06&#58;32&#58;29 | 000,000,000 | ---D | M&#93; Mumble -> C&#58;\Documents and Settings\Administrator\Application Data\Mumble -> &#91;2009/06/29 10&#58;06&#58;36 | 000,000,000 | ---D | M&#93; My Battle for Middle-earth&#40;tm&#41; II Files -> C&#58;\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth&#40;tm&#41; II Files -> &#91;2009/10/09 15&#58;17&#58;12 | 000,000,000 | ---D | M&#93; PlayFirst -> C&#58;\Documents and Settings\Administrator\Application Data\PlayFirst -> &#91;2010/01/12 00&#58;27&#58;04 | 000,000,000 | ---D | M&#93; runic games -> C&#58;\Documents and Settings\Administrator\Application Data\runic games -> &#91;2009/11/05 20&#58;20&#58;31 | 000,000,000 | ---D | M&#93; RunningPillow -> C&#58;\Documents and Settings\Administrator\Application Data\RunningPillow -> &#91;2010/01/28 20&#58;53&#58;24 | 000,000,000 | ---D | M&#93; Slam Dunk Studios, LLC -> C&#58;\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> &#91;2009/04/18 16&#58;15&#58;40 | 000,000,000 | ---D | M&#93; Stardock -> C&#58;\Documents and Settings\Administrator\Application Data\Stardock -> &#91;2009/05/26 10&#58;12&#58;17 | 000,000,000 | ---D | M&#93; The Longest Journey Demo -> C&#58;\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> &#91;2009/05/31 10&#58;51&#58;27 | 000,000,000 | ---D | M&#93; Thinstall -> C&#58;\Documents and Settings\Administrator\Application Data\Thinstall -> &#91;2009/08/27 00&#58;58&#58;17 | 000,000,000 | ---D | M&#93; Ubisoft -> C&#58;\Documents and Settings\Administrator\Application Data\Ubisoft -> &#91;2010/03/09 20&#58;04&#58;52 | 000,000,000 | ---D | M&#93; uTorrent -> C&#58;\Documents and Settings\Administrator\Application Data\uTorrent -> &#91;2010/03/16 09&#58;47&#58;46 | 000,000,000 | ---D | M&#93; 2DBoy -> C&#58;\Documents and Settings\All Users\Application Data\2DBoy -> &#91;2009/03/08 19&#58;33&#58;50 | 000,000,000 | ---D | M&#93; BioWare -> C&#58;\Documents and Settings\All Users\Application Data\BioWare -> &#91;2010/01/09 21&#58;03&#58;56 | 000,000,000 | ---D | M&#93; CCP -> C&#58;\Documents and Settings\All Users\Application Data\CCP -> &#91;2009/01/29 14&#58;26&#58;40 | 000,000,000 | ---D | M&#93; DAEMON Tools Lite -> C&#58;\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> &#91;2009/01/29 10&#58;37&#58;39 | 000,000,000 | ---D | M&#93; MumboJumbo -> C&#58;\Documents and Settings\All Users\Application Data\MumboJumbo -> &#91;2009/10/29 21&#58;03&#58;50 | 000,000,000 | ---D | M&#93; PlayFirst -> C&#58;\Documents and Settings\All Users\Application Data\PlayFirst -> &#91;2010/01/12 00&#58;27&#58;04 | 000,000,000 | ---D | M&#93; PopCap Games -> C&#58;\Documents and Settings\All Users\Application Data\PopCap Games -> &#91;2009/05/24 17&#58;21&#58;50 | 000,000,000 | ---D | M&#93; Redirected -> C&#58;\Documents and Settings\All Users\Application Data\Redirected -> &#91;2009/08/15 23&#58;05&#58;33 | 000,000,000 | ---D | M&#93; Stardock -> C&#58;\Documents and Settings\All Users\Application Data\Stardock -> &#91;2009/05/26 10&#58;11&#58;28 | 000,000,000 | ---D | M&#93; {1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C&#58;\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> &#91;2009/05/26 10&#58;11&#58;45 | 000,000,000 | -H-D | M&#93; {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C&#58;\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> &#91;2010/02/19 00&#58;15&#58;31 | 000,000,000 | -H-D | M&#93; Ad-Aware Update &#40;Weekly&#41;.job -> C&#58;\WINDOWS\Tasks\Ad-Aware Update &#40;Weekly&#41;.job -> &#91;2010/03/16 09&#58;53&#58;52 | 000,000,496 | ---- | M&#93; &#40;&#41; SchedLgU.Txt -> C&#58;\WINDOWS\Tasks\SchedLgU.Txt -> &#91;2010/03/16 09&#58;50&#58;47 | 000,032,526 | ---- | M&#93; &#40;&#41; &#91;File - Purity Scan&#93; < End of report >[/code] The same warning message is still popping up, but otherwise, things are great.
  7. Here's what I get at bootup. Aside from that, everything seems to be running smoothly as expected. Thanks a lot for this help, you've really made my life much easier here.
  8. GMER.TXT: CODEGMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-08 00:05:52 Windows 5.2.3790 Service Pack 1 Running: gmer.exe ---- Registry - GMER 1.0.15 ---- Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   771343423 Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   285507792 Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   2 Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  C:\Program Files (x86)\DAEMON Tools Lite\ Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  1 Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                               0x10 0xE7 0xC4 0x28 ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001                             Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                         0x20 0x01 0x00 0x00 ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                      0xBF 0xEA 0x12 0x9A ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0                       Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\[email protected]                 0x3A 0x1B 0x08 0xD5 ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  0 Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                               0xED 0xFD 0xA7 0x91 ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001                             Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                      0x33 0x9C 0x57 0x39 ... Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40                       Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                0xF6 0xD3 0x6C 0xE7 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      C:\Program Files (x86)\DAEMON Tools Lite\ Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      1 Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                   0x10 0xE7 0xC4 0x28 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001 (not active ControlSet)         Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                             0x20 0x01 0x00 0x00 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                          0xBF 0xEA 0x12 0x9A ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0 (not active ControlSet)   Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\[email protected]                     0x3A 0x1B 0x08 0xD5 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      0 Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                   0xED 0xFD 0xA7 0x91 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001 (not active ControlSet)         Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                          0x33 0x9C 0x57 0x39 ... Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40 (not active ControlSet)   Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                    0xF6 0xD3 0x6C 0xE7 ... ---- EOF - GMER 1.0.15 ---- OTS: CODEOTS logfile created on: 3/8/2010 12:10:07 AM - Run 3 OTS by OldTimer - Version 3.1.22.0     Folder = C:\Documents and Settings\Administrator\Desktop 64bit-Windows Server 2003  Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195.31 Gb Total Space | 71.58 Gb Free Space | 36.65% Space Free | Partition Type: NTFS Drive D: | 292.97 Gb Total Space | 66.02 Gb Free Space | 22.54% Space Free | Partition Type: NTFS Drive E: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 443.22 Gb Total Space | 122.92 Gb Free Space | 27.73% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THE-BL7D5N9D5A8 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools) jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) jqs.exe -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.) pdvdserv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.) richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools) guard32.dll -> C:\WINDOWS\SysWOW64\guard32.dll -> [2009/03/08 18:55:49 | 000,155,384 | ---- | M] () wininet.dll -> C:\WINDOWS\SysWOW64\wininet.dll -> [2009/03/03 13:43:34 | 000,826,368 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\WINDOWS\SysWOW64\normaliz.dll -> [2006/06/29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) comres.dll -> C:\WINDOWS\SysWOW64\comres.dll -> [2005/03/25 07:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation) comdlg32.dll -> C:\WINDOWS\SysWOW64\comdlg32.dll -> [2005/03/25 07:00:00 | 000,281,088 | ---- | M] (Microsoft Corporation) framedyn.dll -> C:\WINDOWS\SysWOW64\wbem\framedyn.dll -> [2005/03/25 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) msctfime.ime -> C:\WINDOWS\SysWOW64\MSCTFIME.IME -> [2005/03/25 07:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) ws2help.dll -> C:\WINDOWS\SysWOW64\ws2help.dll -> [2005/03/25 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) fltlib.dll -> C:\WINDOWS\SysWOW64\fltlib.dll -> [2005/03/25 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> [2005/03/24 13:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> [2009/03/08 18:55:05 | 001,043,192 | ---- | M] () (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/18 23:16:34 | 001,229,232 | ---- | M] (Lavasoft) (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) (DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) (clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) (aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) (RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () (IASJet) IAS Jet Database Access [On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2005/03/25 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) (helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2005/03/25 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (avgio) avgio [Kernel | System | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys -> [2009/02/13 11:37:29 | 000,013,656 | ---- | M] (Avira GmbH) ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) {95808DC4-FA4A-4c74-92FE-5B863F82066B} [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD0.fcl -> [2006/11/02 17:49:24 | 000,013,560 | ---- | M] (Cyberlink Corp.) (mnmdd) mnmdd [Kernel | System | Running] -> C:\WINDOWS\SysWOW64\mnmdd.dll -> [2005/03/25 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 -> extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 -> extensions.enabledItems -> [email protected]:1.0 -> extensions.enabledItems -> [email protected]:1.5.1 -> extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}:1.9.1 -> < FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions ->  -> HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}] -> [2010/02/25 19:40:28 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  -> HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/02 09:17:54 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > ->   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/01/28 20:22:28 | 000,000,000 | ---D | M]   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> [2010/03/07 14:29:50 | 000,000,000 | ---D | M] Adblock Plus   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/09 22:10:23 | 000,000,000 | ---D | M] Greasemonkey   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/13 19:24:14 | 000,000,000 | ---D | M]   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> [2010/01/21 00:55:20 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > ->   -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/07 14:29:50 | 000,000,000 | ---D | M] Hosts file not found -> -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.) "AlcWzrd" -> C:\WINDOWS\alcwzrd.exe [ALCWZRD.EXE] -> [2006/05/04 03:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.) "COMODO Internet Security" -> C:\Program Files\Comodo\COMODO Internet Security\cfp.exe ["C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h] -> [2009/03/08 18:55:15 | 009,247,480 | ---- | M] () "NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found "NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found "nwiz" ->  [nwiz.exe /install] -> File not found "RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.) "SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/11/20 05:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.) "SoundMan" -> C:\WINDOWS\SoundMan.exe [SOUNDMAN.EXE] -> [2006/07/21 03:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) "Start WingMan Profiler" -> C:\Program Files\Logitech\Gaming Software\LWEMon.exe [C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui] -> [2008/04/04 13:30:28 | 000,120,328 | ---- | M] (Logitech Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) "avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) "LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 22:55:32 | 000,054,832 | ---- | M] () "QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 000,413,696 | ---- | M] (Apple Inc.) "RemoteControl" -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.) "SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) "Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> File not found "WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2008/08/03 18:02:20 | 000,036,352 | ---- | M] () < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) "Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community) C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe -> [2003/08/29 16:13:04 | 001,436,160 | ---- | M] (Dominating Bytes Design) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main \Main\\"DisableFirstRunCustomize" ->  [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" ->  [1] -> File not found \\"HonorAutoRunSetting" ->  [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"EnableLUA" ->  [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\Software\Microsoft\Internet Explorer\Extensions\ -> 64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.10.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1   (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> %SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> Control_RunDLL "sysdm.cpl" ->  -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2005/03/25 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> lsass.exe ->  -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain ->  -> File not found cryptnet ->  -> File not found cscdll ->  -> File not found dimsntfy ->  -> File not found ScCertProp ->  -> File not found Schedule ->  -> File not found sclgntfy ->  -> File not found SensLogn ->  -> File not found termsrv ->  -> File not found wlballoon ->  -> File not found < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ScCertProp ->  -> File not found Schedule ->  -> File not found SensLogn ->  -> File not found wlballoon ->  -> File not found < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> Reg Error: Key error. [dedosasab] -> File not found "{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gikuvihid] -> File not found "{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> Reg Error: Key error. [yiniketub] -> File not found < 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] ->  [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll ->  -> File not found schannel.dll ->  -> File not found digest.dll ->  -> File not found msnsspc.dll ->  -> File not found *MultiFile Done* -> -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found "C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () "C:\Documents and Settings\Administrator\Desktop\OTM.exe" -> C:\Documents and Settings\Administrator\Desktop\OTM.exe [C:\Documents and Settings\Administrator\Desktop\OTM.exe:*:Enabled:OTM] -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools) "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard] -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) "C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe" -> C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe [C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2009/12/11 18:37:23 | 000,516,936 | ---- | M] (CCP hf.) "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray] -> [2010/02/18 23:16:36 | 000,815,184 | ---- | M] (Lavasoft) "C:\Program Files (x86)\Pidgin\pidgin.exe" -> C:\Program Files (x86)\Pidgin\pidgin.exe [C:\Program Files (x86)\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community) "C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe" -> C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe [C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2] -> [2008/04/20 23:13:44 | 000,778,240 | ---- | M] () "C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2009/01/29 15:20:30 | 019,779,584 | ---- | M] (The Creative Assembly Ltd) "C:\Program Files (x86)\uTorrent\uTorrent.exe" -> C:\Program Files (x86)\uTorrent\uTorrent.exe [C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/02/12 22:28:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.) "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\SysWow64\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2005/03/25 07:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\SysWOW64\javaw.exe" -> C:\WINDOWS\SysWOW64\javaw.exe [C:\WINDOWS\SysWOW64\javaw.exe:*:Enabled:javaw] -> [2009/10/11 04:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) "D:\EVE\bin\ExeFile.exe" -> D:\EVE\bin\ExeFile.exe [D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2008/12/05 11:39:22 | 000,513,280 | ---- | M] (CCP hf.) "D:\Games\Anno 1404\tools\Anno4Web.exe" -> D:\Games\Anno 1404\tools\Anno4Web.exe [D:\Games\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web] -> [2009/05/23 15:48:00 | 001,320,232 | ---- | M] () "D:\Games\Dark Oberon\dark-oberon.exe" -> D:\Games\Dark Oberon\dark-oberon.exe [D:\Games\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon] -> [2006/11/01 14:10:40 | 000,532,480 | ---- | M] () "D:\Games\Dead Space\Dead Space.exe" -> D:\Games\Dead Space\Dead Space.exe [D:\Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space â„¢] -> [2008/11/01 09:17:11 | 013,733,888 | ---- | M] () "D:\Games\Dragon Age\bin_ship\daorigins.exe" -> D:\Games\Dragon Age\bin_ship\daorigins.exe [D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/11/02 02:57:00 | 009,909,480 | ---- | M] (BioWare) "D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) "D:\Games\Dragon Age\DAOriginsLauncher.exe" -> D:\Games\Dragon Age\DAOriginsLauncher.exe [D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 10:59:08 | 001,246,440 | ---- | M] (BioWare) "D:\Games\Glest_3.2.2\glest.exe" -> D:\Games\Glest_3.2.2\glest.exe [D:\Games\Glest_3.2.2\glest.exe:*:Enabled:glest] -> [2009/04/02 19:03:30 | 001,230,336 | ---- | M] () "D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe" -> D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe [D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men] -> [2007/11/10 20:11:24 | 007,542,024 | ---- | M] (Io Interactive A/S) "D:\Games\Mass Effect\Binaries\MassEffect.exe" -> D:\Games\Mass Effect\Binaries\MassEffect.exe [D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game] -> [2008/05/29 17:34:19 | 048,956,922 | ---- | M] (BioWare) "D:\Games\Mass Effect\MassEffectLauncher.exe" -> D:\Games\Mass Effect\MassEffectLauncher.exe [D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher] -> [2008/05/07 11:19:36 | 000,730,344 | ---- | M] (BioWare) "D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe" -> D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe [D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising] -> [2009/10/06 16:22:36 | 020,094,976 | ---- | M] (Codemasters Software Company Limited) "D:\Games\Prototype\prototypef.exe" -> D:\Games\Prototype\prototypef.exe [D:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)] -> [2009/06/09 13:43:00 | 002,269,232 | ---- | M] (Activision) "D:\Games\Warcraft III\Warcraft III.exe" -> D:\Games\Warcraft III\Warcraft III.exe [D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2009/04/14 16:00:10 | 000,274,432 | ---- | M] (Blizzard Entertainment) "D:\Games\Wolfenstein\MP\Wolf2MP.exe" -> D:\Games\Wolfenstein\MP\Wolf2MP.exe [D:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,399,248 | ---- | M] (Activision) "D:\Games\Wolfenstein\MP\Wolf2MPLite.exe" -> D:\Games\Wolfenstein\MP\Wolf2MPLite.exe [D:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,042,896 | ---- | M] (Activision) "D:\Games\Worms Armageddon - New Edition\WA.exe" -> D:\Games\Worms Armageddon - New Edition\WA.exe [D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon] -> [2007/07/05 11:05:59 | 004,378,624 | ---- | M] (Team17 Software Ltd) "D:\Steam\Steam.exe" -> D:\Steam\Steam.exe [D:\Steam\Steam.exe:*:Enabled:Steam] -> [2010/02/26 13:30:48 | 001,217,872 | ---- | M] (Valve Corporation) "D:\Steam\steamapps\andre2account\the ship\ship.exe" -> D:\Steam\steamapps\andre2account\the ship\ship.exe [D:\Steam\steamapps\andre2account\the ship\ship.exe:*:Enabled:ship] -> [2009/04/03 17:46:35 | 000,090,112 | ---- | M] () "D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" -> D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe [D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo] -> [2009/10/19 19:06:33 | 000,049,152 | ---- | M] () "D:\Steam\steamapps\common\battleforge\Bootstrapper.exe" -> D:\Steam\steamapps\common\battleforge\Bootstrapper.exe [D:\Steam\steamapps\common\battleforge\Bootstrapper.exe:*:Enabled:Battleforge Demo] -> [2009/08/13 12:12:36 | 005,797,240 | ---- | M] (EA Phenomic) "D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" -> D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe [D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock] -> [2009/10/23 21:57:26 | 009,932,800 | ---- | M] () "D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" -> D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe [D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo] -> [2009/12/14 00:02:01 | 000,160,256 | ---- | M] (Erik Svedäng) "D:\Steam\steamapps\common\champions online\Champions Online.exe" -> D:\Steam\steamapps\common\champions online\Champions Online.exe [D:\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Cryptic Game Launcher] -> File not found "D:\Steam\steamapps\common\company of heroes\help.htm" -> D:\Steam\steamapps\common\company of heroes\help.htm [D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes] -> [2009/04/16 13:00:27 | 000,000,213 | ---- | M] () "D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" -> D:\Steam\steamapps\common\company of heroes\RelicCOH.exe [D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes] -> [2009/12/24 02:10:25 | 009,266,056 | ---- | M] (THQ Canada Inc.) "D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe" -> D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe [D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble] -> [2009/12/24 00:15:36 | 000,038,400 | ---- | M] () "D:\Steam\steamapps\common\fallout 3\Fallout3.exe" -> D:\Steam\steamapps\common\fallout 3\Fallout3.exe [D:\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3] -> [2009/08/14 22:02:52 | 015,044,024 | ---- | M] (Bethesda Softworks) "D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" -> D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe [D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3] -> [2009/01/28 20:47:38 | 001,900,544 | ---- | M] (Bethesda Softworks) "D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe" -> D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe [D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe:*:Enabled:Just Cause 2 Demo] -> [2010/03/04 14:04:10 | 014,548,256 | ---- | M] (Avalanche Studios) "D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" -> D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe [D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor] -> [2009/11/04 21:05:47 | 000,192,512 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2] -> [2009/11/03 19:51:14 | 000,385,024 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/17 08:47:27 | 000,385,024 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead\left4dead.exe" -> D:\Steam\steamapps\common\left 4 dead\left4dead.exe [D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2009/04/22 10:10:00 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" -> D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe [D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus] -> [2009/12/24 00:34:50 | 002,289,664 | ---- | M] (Oddworld Inhabitants, Inc.) "D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" -> D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe [D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee] -> [2009/12/24 02:21:37 | 001,132,032 | ---- | M] (Oddworld Inhabitants, Inc.) "D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" -> D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe [D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta] -> [2010/03/07 21:02:26 | 024,492,032 | ---- | M] () "D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" -> D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe [D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo] -> [2009/04/18 15:14:05 | 002,287,104 | ---- | M] (GarageGames) "D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe [D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:46:02 | 074,077,811 | ---- | M] (Chris Jones) "D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe [D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:45:15 | 000,110,612 | ---- | M] (Chris Jones) "D:\Steam\steamapps\common\tomb raider anniversary\tra.exe" -> D:\Steam\steamapps\common\tomb raider anniversary\tra.exe [D:\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary] -> [2009/04/03 17:46:33 | 001,170,944 | ---- | M] (Eidos Inc.) "D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" -> D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe [D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2] -> File not found "D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe" -> D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe [D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo] -> [2009/03/08 18:31:13 | 002,203,648 | ---- | M] () "D:\Steam\steamapps\dr[email protected]\age of chivalry\hl2.exe" -> D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe [D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe:*:Disabled:hl2] -> [2009/12/26 12:08:01 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe" -> D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe [D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/12/14 10:37:06 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe" -> D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe [D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe:*:Enabled:hl2] -> [2010/03/07 16:19:36 | 000,103,736 | ---- | M] () "D:\Steam\steamapps\[email protected]\dystopia\hl2.exe" -> D:\Steam\steamapps\[email protected]\dystopia\hl2.exe [D:\Steam\steamapps\[email protected]\dystopia\hl2.exe:*:Enabled:hl2] -> [2009/03/04 00:08:33 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe" -> D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe [D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe:*:Enabled:hl2] -> [2009/02/20 12:24:33 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe" -> D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe [D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2] -> [2010/02/14 21:25:43 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\smashball\hl2.exe" -> D:\Steam\steamapps\[email protected]\smashball\hl2.exe [D:\Steam\steamapps\[email protected]\smashball\hl2.exe:*:Enabled:hl2] -> [2009/08/12 14:33:52 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe" -> D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe [D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\WINDOWS\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > ->  -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 20:14:31 | 000,000,000 | ---- | M] () E:\Autorun.inf [[autorun] | Open=demo32.exe | Icon=Lws.Ico | ] -> E:\Autorun.inf [ CDFS ] -> [2007/10/15 14:03:27 | 000,000,040 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found \{885b927e-a78c-11de-83d9-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command\\"" -> E:\Demo32.exe [E:\demo32.exe] -> [2007/07/13 16:08:54 | 000,509,464 | R--- | M] (InstallShield Software Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [edit] -> Reg Error: Key error. 64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> File not found 64bit-InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> File not found 64bit-piffile [open] -> "%1" %* -> File not found 64bit-regfile [merge] -> Reg Error: Key error. 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-txtfile [edit] -> Reg Error: Key error. 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> Reg Error: Key error. piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2005/03/25 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 1/21/2010 1:27:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module unknown, version 0.0.0.0, fault address 0x1390e114. Application [ Error ] 1/30/2010 12:25:22 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gen_ml.dll, version 0.0.0.0, fault address 0x0001c32b. Application [ Error ] 2/5/2010 3:47:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gdi32.dll, version 5.2.3790.3233, fault address 0x00015901. Application [ Error ] 2/7/2010 9:29:29 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0. Application [ Error ] 2/7/2010 9:34:51 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0. Application [ Error ] 2/18/2010 11:31:45 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application rewmcxoans.tmp, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x02002222. Application [ Error ] 2/18/2010 11:56:13 PM Computer Name = THE-BL7D5N9D5A8 | Source = VSS | ID = 8211 -> Description = Application [ Error ] 2/19/2010 12:15:54 AM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = Application [ Error ] 2/19/2010 10:18:37 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application eventcreatexp.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 2/28/2010 12:58:10 PM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = System [ Error ] 3/3/2010 11:52:41 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver. System [ Error ] 3/3/2010 11:54:26 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver. System [ Error ] 3/3/2010 11:54:26 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver. System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.   System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 3/3/2010 11:57:27 AM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. System [ Error ] 3/3/2010 11:57:27 AM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. System [ Error ] 3/3/2010 11:58:35 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver. System [ Error ] 3/5/2010 2:43:27 PM Computer Name = THE-BL7D5N9D5A8 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.10.102 for the Network Card with network address 00E04C77BA7A has been  denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message). [Files/Folders - Created Within 30 Days] RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2010/03/04 10:29:55 | 000,472,064 | ---- | C] ( ) javaws.exe -> C:\WINDOWS\SysWow64\javaws.exe -> [2010/02/28 13:40:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) javaw.exe -> C:\WINDOWS\SysWow64\javaw.exe -> [2010/02/28 13:40:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) java.exe -> C:\WINDOWS\SysWow64\java.exe -> [2010/02/28 13:40:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2010/02/26 10:48:45 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys -> [2010/02/26 10:48:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C] _OTM -> C:\_OTM -> [2010/02/26 10:35:43 | 000,000,000 | ---D | C] OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:02 | 000,504,832 | ---- | C] (OldTimer Tools) {11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> [2010/02/25 19:40:28 | 000,000,000 | ---D | C] OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | C] (OldTimer Tools) ERDNT -> C:\WINDOWS\ERDNT -> [2010/02/19 10:02:45 | 000,000,000 | ---D | C] Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/02/19 09:58:42 | 000,000,000 | ---D | C] {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:30 | 000,000,000 | -H-D | C] Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C] Securityessentials2010 -> C:\Program Files\Securityessentials2010 -> [2010/02/18 22:31:36 | 000,000,000 | ---D | C] Pando Networks -> C:\Program Files (x86)\Pando Networks -> [2010/02/18 22:13:48 | 000,000,000 | ---D | C] muweb.dll -> C:\WINDOWS\SysWow64\muweb.dll -> [2010/02/17 14:38:03 | 000,215,920 | ---- | C] (Microsoft Corporation) Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/02/16 20:01:32 | 000,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2010/02/16 11:12:01 | 000,000,000 | -HSD | C] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/10/29 14:31:04 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] [Files/Folders - Modified Within 30 Days] PUTTY.RND -> C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> [2010/03/07 23:45:29 | 000,000,600 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/03/07 23:17:41 | 000,000,496 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/07 21:07:09 | 000,046,080 | ---- | M] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/03/05 13:42:10 | 000,001,771 | ---- | M] () SCP-080.rtf -> C:\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> [2010/03/05 12:44:02 | 000,003,192 | ---- | M] () RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2010/03/04 10:29:55 | 000,472,064 | ---- | M] ( ) SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/03 10:56:59 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/03 10:56:57 | 000,002,048 | --S- | M] () NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/03/03 10:55:45 | 018,350,080 | -H-- | M] () ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2010/03/03 10:55:45 | 000,000,178 | -HS- | M] () mbr.exe -> C:\Documents and Settings\Administrator\Desktop\mbr.exe -> [2010/03/03 10:49:25 | 000,077,312 | ---- | M] () .recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/28 21:46:15 | 000,001,557 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:51:05 | 000,000,738 | ---- | M] () OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools) aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/26 09:24:42 | 000,000,954 | -H-- | M] () Dropbox.lnk -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> [2010/02/26 09:14:42 | 000,000,926 | ---- | M] () OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools) HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | M] () Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | M] () IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2010/02/18 23:00:58 | 002,096,656 | -H-- | M] () av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | M] () getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:32 | 000,083,355 | ---- | M] () [Files - No Company Name] gmer.exe -> C:\Documents and Settings\Administrator\Desktop\gmer.exe -> [2010/03/07 23:46:20 | 000,293,376 | ---- | C] () SCP-080.rtf -> C:\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> [2010/03/05 12:44:02 | 000,003,192 | ---- | C] () mbr.exe -> C:\Documents and Settings\Administrator\Desktop\mbr.exe -> [2010/03/03 10:49:23 | 000,077,312 | ---- | C] () .recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/28 21:46:15 | 000,001,557 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:48:43 | 000,000,738 | ---- | C] () HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | C] () aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/18 23:35:23 | 000,000,954 | -H-- | C] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/18 23:18:40 | 000,000,496 | ---- | C] () Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | C] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | C] () av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | C] () getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:31 | 000,083,355 | ---- | C] () WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/05/25 21:44:55 | 000,000,754 | ---- | C] () WA.INI -> C:\WINDOWS\WA.INI -> [2009/05/23 22:43:42 | 000,000,122 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/03/10 10:25:50 | 000,000,238 | ---- | C] () BlendSettings.ini -> C:\WINDOWS\BlendSettings.ini -> [2009/02/20 14:32:42 | 000,000,023 | ---- | C] () FoxImager.dll -> C:\WINDOWS\SysWow64\FoxImager.dll -> [2009/02/17 18:29:59 | 000,323,584 | ---- | C] () PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2009/01/29 00:16:32 | 000,553,690 | ---- | C] () Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2009/01/28 21:03:03 | 000,006,274 | ---- | C] () ASUSHWIO.SYS -> C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> [2009/01/28 21:02:55 | 000,010,288 | ---- | C] () guard32.dll -> C:\WINDOWS\SysWow64\guard32.dll -> [2009/01/28 20:30:25 | 000,155,384 | ---- | C] () nview.dll -> C:\WINDOWS\SysWow64\nview.dll -> [2009/01/15 08:19:00 | 001,507,328 | ---- | C] () nvwimg.dll -> C:\WINDOWS\SysWow64\nvwimg.dll -> [2009/01/15 08:19:00 | 001,101,824 | ---- | C] () qt-dx331.dll -> C:\WINDOWS\SysWow64\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () xlive.dll.cat -> C:\WINDOWS\SysWow64\xlive.dll.cat -> [2008/10/28 17:40:48 | 000,173,552 | ---- | C] () physxcudart_20.dll -> C:\WINDOWS\SysWow64\physxcudart_20.dll -> [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () AgCPanelSwedish.dll -> C:\WINDOWS\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelSpanish.dll -> C:\WINDOWS\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelPortugese.dll -> C:\WINDOWS\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelKorean.dll -> C:\WINDOWS\SysWow64\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelJapanese.dll -> C:\WINDOWS\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelGerman.dll -> C:\WINDOWS\SysWow64\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelFrench.dll -> C:\WINDOWS\SysWow64\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] () quartz.dll -> C:\WINDOWS\SysWow64\quartz.dll -> [2005/03/25 07:00:00 | 001,291,264 | ---- | C] () qedwipes.dll -> C:\WINDOWS\SysWow64\qedwipes.dll -> [2005/03/25 07:00:00 | 000,733,696 | ---- | C] () qedit.dll -> C:\WINDOWS\SysWow64\qedit.dll -> [2005/03/25 07:00:00 | 000,512,512 | ---- | C] () dxmasf.dll -> C:\WINDOWS\SysWow64\dxmasf.dll -> [2005/03/25 07:00:00 | 000,498,742 | ---- | C] () encdec.dll -> C:\WINDOWS\SysWow64\encdec.dll -> [2005/03/25 07:00:00 | 000,396,288 | ---- | C] () qdvd.dll -> C:\WINDOWS\SysWow64\qdvd.dll -> [2005/03/25 07:00:00 | 000,385,536 | ---- | C] () msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2005/03/25 07:00:00 | 000,355,112 | ---- | C] () qdv.dll -> C:\WINDOWS\SysWow64\qdv.dll -> [2005/03/25 07:00:00 | 000,279,040 | ---- | C] () sbe.dll -> C:\WINDOWS\SysWow64\sbe.dll -> [2005/03/25 07:00:00 | 000,276,992 | ---- | C] () ir32_32.dll -> C:\WINDOWS\SysWow64\ir32_32.dll -> [2005/03/25 07:00:00 | 000,199,168 | ---- | C] () qcap.dll -> C:\WINDOWS\SysWow64\qcap.dll -> [2005/03/25 07:00:00 | 000,192,512 | ---- | C] () msencode.dll -> C:\WINDOWS\SysWow64\msencode.dll -> [2005/03/25 07:00:00 | 000,114,688 | ---- | C] () amstream.dll -> C:\WINDOWS\SysWow64\amstream.dll -> [2005/03/25 07:00:00 | 000,072,704 | ---- | C] () mciqtz32.dll -> C:\WINDOWS\SysWow64\mciqtz32.dll -> [2005/03/25 07:00:00 | 000,062,464 | ---- | C] () devenum.dll -> C:\WINDOWS\SysWow64\devenum.dll -> [2005/03/25 07:00:00 | 000,061,440 | ---- | C] () tsd32.dll -> C:\WINDOWS\SysWow64\tsd32.dll -> [2005/03/25 07:00:00 | 000,016,896 | ---- | C] () msdmo.dll -> C:\WINDOWS\SysWow64\msdmo.dll -> [2005/03/25 07:00:00 | 000,014,336 | ---- | C] () msdxmlc.dll -> C:\WINDOWS\SysWow64\msdxmlc.dll -> [2005/03/25 07:00:00 | 000,004,126 | ---- | C] () [File - Lop Check] .purple -> C:\Documents and Settings\Administrator\Application Data\.purple -> [2010/03/07 23:49:02 | 000,000,000 | ---D | M] Bioshock -> C:\Documents and Settings\Administrator\Application Data\Bioshock -> [2010/02/07 20:14:34 | 000,000,000 | ---D | M] DAEMON Tools -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools -> [2009/01/29 09:38:28 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> [2009/10/30 14:08:50 | 000,000,000 | ---D | M] DAEMON Tools Pro -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> [2009/01/29 13:48:19 | 000,000,000 | ---D | M] Dropbox -> C:\Documents and Settings\Administrator\Application Data\Dropbox -> [2010/03/03 10:57:27 | 000,000,000 | ---D | M] EVEMon -> C:\Documents and Settings\Administrator\Application Data\EVEMon -> [2010/03/07 23:46:36 | 000,000,000 | ---D | M] gtk-2.0 -> C:\Documents and Settings\Administrator\Application Data\gtk-2.0 -> [2009/09/22 17:24:32 | 000,000,000 | ---D | M] leafChat -> C:\Documents and Settings\Administrator\Application Data\leafChat -> [2010/03/07 23:47:31 | 000,000,000 | ---D | M] LucasArts -> C:\Documents and Settings\Administrator\Application Data\LucasArts -> [2009/07/17 18:25:25 | 000,000,000 | ---D | M] Mount&Blade -> C:\Documents and Settings\Administrator\Application Data\Mount&Blade -> [2009/02/02 05:32:29 | 000,000,000 | ---D | M] Mumble -> C:\Documents and Settings\Administrator\Application Data\Mumble -> [2009/06/29 09:06:36 | 000,000,000 | ---D | M] My Battle for Middle-earth(tm) II Files -> C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files -> [2009/10/09 14:17:12 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\Administrator\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M] runic games -> C:\Documents and Settings\Administrator\Application Data\runic games -> [2009/11/05 19:20:31 | 000,000,000 | ---D | M] RunningPillow -> C:\Documents and Settings\Administrator\Application Data\RunningPillow -> [2010/01/28 19:53:24 | 000,000,000 | ---D | M] Slam Dunk Studios, LLC -> C:\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> [2009/04/18 15:15:40 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\Administrator\Application Data\Stardock -> [2009/05/26 09:12:17 | 000,000,000 | ---D | M] The Longest Journey Demo -> C:\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> [2009/05/31 09:51:27 | 000,000,000 | ---D | M] Thinstall -> C:\Documents and Settings\Administrator\Application Data\Thinstall -> [2009/08/26 23:58:17 | 000,000,000 | ---D | M] Ubisoft -> C:\Documents and Settings\Administrator\Application Data\Ubisoft -> [2009/10/12 11:34:45 | 000,000,000 | ---D | M] uTorrent -> C:\Documents and Settings\Administrator\Application Data\uTorrent -> [2010/03/04 17:56:00 | 000,000,000 | ---D | M] 2DBoy -> C:\Documents and Settings\All Users\Application Data\2DBoy -> [2009/03/08 18:33:50 | 000,000,000 | ---D | M] BioWare -> C:\Documents and Settings\All Users\Application Data\BioWare -> [2010/01/09 20:03:56 | 000,000,000 | ---D | M] CCP -> C:\Documents and Settings\All Users\Application Data\CCP -> [2009/01/29 13:26:40 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/01/29 09:37:39 | 000,000,000 | ---D | M] MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2009/10/29 20:03:50 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M] PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009/05/24 16:21:50 | 000,000,000 | ---D | M] Redirected -> C:\Documents and Settings\All Users\Application Data\Redirected -> [2009/08/15 22:05:33 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2009/05/26 09:11:28 | 000,000,000 | ---D | M] {1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2009/05/26 09:11:45 | 000,000,000 | -H-D | M] {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:31 | 000,000,000 | -H-D | M] Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/07 23:17:41 | 000,000,496 | ---- | M] () SchedLgU.Txt -> C:\WINDOWS\Tasks\SchedLgU.Txt -> [2010/03/03 10:55:50 | 000,032,526 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < %ProgramFiles%\Movie Maker\*.dll > WMM2AE.dll -> C:\Program Files (x86)\Movie Maker\WMM2AE.dll -> [2005/03/25 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) WMM2ERES.dll -> C:\Program Files (x86)\Movie Maker\WMM2ERES.dll -> [2005/03/25 07:00:00 | 000,003,072 | ---- | M] (Microsoft Corporation) WMM2EXT.dll -> C:\Program Files (x86)\Movie Maker\WMM2EXT.dll -> [2005/03/25 07:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) WMM2FILT.dll -> C:\Program Files (x86)\Movie Maker\WMM2FILT.dll -> [2005/03/25 07:00:00 | 000,316,928 | ---- | M] (Microsoft Corporation) WMM2FXA.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXA.dll -> [2005/03/25 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) WMM2FXB.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXB.dll -> [2005/03/25 07:00:00 | 000,328,192 | ---- | M] (Microsoft Corporation) WMM2RES.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES.dll -> [2005/03/25 07:00:00 | 004,255,744 | ---- | M] (Microsoft Corporation) WMM2RES2.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES2.dll -> [2005/03/25 07:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: ALLUSERSAPPDATA < %SYSTEMROOT%\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dll > custsat.dll -> C:\Program Files (x86)\Internet Explorer\custsat.dll -> [2006/09/06 17:42:40 | 000,033,792 | ---- | M] (Microsoft Corporation) hmmapi.dll -> C:\Program Files (x86)\Internet Explorer\hmmapi.dll -> [2007/08/13 18:18:02 | 000,060,416 | ---- | M] (Microsoft Corporation) ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2007/08/13 18:43:14 | 000,287,744 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: DriveLetter < %systemroot%\system32\*.dll /lockedfiles > < MD5 Scans Start> < %systemdrive%\AGP440.SYS  /md5 /s > AGP440.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:AGP440.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () < %systemdrive%\ATAPI.SYS  /md5 /s > atapi.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:atapi.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () < %systemdrive%\NETLOGON.DLL  /md5 /s > netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL  /md5 /s > scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < c:\$recycle.bin\*.* /s > OTS cannot create restorepoints on Vista OSs! < End of report >
  9. Error - RootRepeal does not support 64-bit OSs! Can't even change the settings it's crashes during initialization.
  10. Uh oh, I have a feeling this isn't what you were looking for. [code]Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http&#58;//www.gmer.net device&#58; opened successfully user&#58; MBR read successfully kernel&#58; error reading MBR[/code] I tried it a few times, and nothing further occured. Further, after rebooting to try it again, in case that may fix the problem (it didn't) I encountered a RUNDLL error window informing me that it tried to find c:\WINDOWS\ibatibuxerugug.dll but failed. Which is a good thing, I guess, but if it's still trying to run some of this hostile code, then there's probably something still wrong. Avira's full scan last night was clean, though.
  11. [code]All processes killed ========== FILES ========== DllUnregisterServer procedure not found in C&#58;\WINDOWS\ibatibuxerugug.dll C&#58;\WINDOWS\ibatibuxerugug.dll moved successfully. C&#58;\Documents and Settings\Administrator\Desktop\Explorer.exe.exe moved successfully. C&#58;\WINDOWS\Bkopewahatewisu.dat moved successfully. C&#58;\WINDOWS\Fsicogica.bin moved successfully. C&#58;\WINDOWS\SysWow64\piruraju moved successfully. C&#58;\WINDOWS\SysWow64\msjetoledb40.dll moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully. Registry value HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Efonoqipofevi deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{267567d2-fbba-4019-94da-8470f88fb05d} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267567d2-fbba-4019-94da-8470f88fb05d}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{f4db9296-7c54-4444-bfea-4dc2d0073a57} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4db9296-7c54-4444-bfea-4dc2d0073a57}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{267567d2-fbba-4019-94da-8470f88fb05d} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267567d2-fbba-4019-94da-8470f88fb05d}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{705c8702-2953-4700-85e2-372ac8232866} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{705c8702-2953-4700-85e2-372ac8232866}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f4db9296-7c54-4444-bfea-4dc2d0073a57} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4db9296-7c54-4444-bfea-4dc2d0073a57}\ not found. ========== COMMANDS ========== &#91;EMPTYTEMP&#93; User&#58; Administrator ->Temp folder emptied&#58; 9291887 bytes ->Temporary Internet Files folder emptied&#58; 31819703 bytes ->Java cache emptied&#58; 12122844 bytes ->FireFox cache emptied&#58; 88435073 bytes User&#58; All Users User&#58; Default User ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 33170 bytes User&#58; LocalService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 33170 bytes User&#58; NetworkService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 0 bytes %systemdrive% .tmp files removed&#58; 0 bytes %systemroot% .tmp files removed&#58; 0 bytes %systemroot%\System32 .tmp files removed&#58; 0 bytes %systemroot%\System32\drivers .tmp files removed&#58; 0 bytes Windows Temp folder emptied&#58; 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied&#58; 33170 bytes RecycleBin emptied&#58; 0 bytes Total Files Cleaned = 135.00 mb OTM by OldTimer - Version 3.1.9.0 log created on 03022010_091503 Files moved on Reboot... Registry entries deleted on Reboot...[/code] Computer seems to be running fine, though it has seemed to take an inordinate amount of time with its bootup since these problems started, in particular the time between the splash screen for my motherboard and the splash screen for windows has increased. Not that I had timed it before, and most of my recent reboots have been while doing these repairs, which might also have some effect. Or it could all be in my head. Other than that, all the fake security warnings are gone, and I haven't had any detections from Avira yet. I'll be sure to update if things take a turn for the worse.
  12. I wasn't sure, so I ran it with the same settings as you provided in the second post. Avira has still been finding a few bad files, but performance-wise things have been much better. Thanks a lot for this help. CODEOTS logfile created on: 2/28/2010 12:01:24 PM - Run 2 OTS by OldTimer - Version 3.1.22.0     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads 64bit-Windows Server 2003  Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195.31 Gb Total Space | 72.53 Gb Free Space | 37.14% Space Free | Partition Type: NTFS Drive D: | 292.97 Gb Total Space | 69.68 Gb Free Space | 23.78% Space Free | Partition Type: NTFS Drive E: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 443.22 Gb Total Space | 122.92 Gb Free Space | 27.73% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THE-BL7D5N9D5A8 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Administrator\My Documents\Downloads\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools) jucheck.exe -> C:\Program Files (x86)\Java\jre6\bin\jucheck.exe -> [2009/07/25 04:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) jqs.exe -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.) pdvdserv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.) richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Documents and Settings\Administrator\My Documents\Downloads\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools) guard32.dll -> C:\WINDOWS\SysWOW64\guard32.dll -> [2009/03/08 18:55:49 | 000,155,384 | ---- | M] () wininet.dll -> C:\WINDOWS\SysWOW64\wininet.dll -> [2009/03/03 13:43:34 | 000,826,368 | ---- | M] (Microsoft Corporation) dnsapi.dll -> C:\WINDOWS\SysWOW64\dnsapi.dll -> [2008/06/21 02:29:30 | 000,158,208 | ---- | M] (Microsoft Corporation) ibatibuxerugug.dll -> C:\WINDOWS\ibatibuxerugug.dll -> [2007/03/02 00:56:30 | 000,162,816 | ---- | M] () normaliz.dll -> C:\WINDOWS\SysWOW64\normaliz.dll -> [2006/06/29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) comres.dll -> C:\WINDOWS\SysWOW64\comres.dll -> [2005/03/25 07:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation) comdlg32.dll -> C:\WINDOWS\SysWOW64\comdlg32.dll -> [2005/03/25 07:00:00 | 000,281,088 | ---- | M] (Microsoft Corporation) framedyn.dll -> C:\WINDOWS\SysWOW64\wbem\framedyn.dll -> [2005/03/25 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) msctfime.ime -> C:\WINDOWS\SysWOW64\MSCTFIME.IME -> [2005/03/25 07:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) ws2help.dll -> C:\WINDOWS\SysWOW64\ws2help.dll -> [2005/03/25 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) fltlib.dll -> C:\WINDOWS\SysWOW64\fltlib.dll -> [2005/03/25 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> [2005/03/24 13:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> [2009/03/08 18:55:05 | 001,043,192 | ---- | M] () (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/18 23:16:34 | 001,229,232 | ---- | M] (Lavasoft) (DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) (clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) (aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) (RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () (IASJet) IAS Jet Database Access [On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2005/03/25 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) (helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2005/03/25 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (avgio) avgio [Kernel | System | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys -> [2009/02/13 11:37:29 | 000,013,656 | ---- | M] (Avira GmbH) ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) {95808DC4-FA4A-4c74-92FE-5B863F82066B} [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD0.fcl -> [2006/11/02 17:49:24 | 000,013,560 | ---- | M] (Cyberlink Corp.) (mnmdd) mnmdd [Kernel | System | Running] -> C:\WINDOWS\SysWOW64\mnmdd.dll -> [2005/03/25 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 -> extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 -> extensions.enabledItems -> [email protected]:1.0 -> extensions.enabledItems -> [email protected]:1.5.1 -> extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}:1.9.1 -> < FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions ->  -> HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}] -> [2010/02/25 19:40:28 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  -> HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > ->   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/01/28 20:22:28 | 000,000,000 | ---D | M]   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> [2010/02/27 13:15:02 | 000,000,000 | ---D | M] Adblock Plus   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/09 22:10:23 | 000,000,000 | ---D | M] Greasemonkey   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/13 19:24:14 | 000,000,000 | ---D | M]   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> [2010/01/21 00:55:20 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > ->   -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/02/27 13:15:02 | 000,000,000 | ---D | M] Hosts file not found -> -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/25 04:23:03 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/07/25 04:22:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.) "AlcWzrd" -> C:\WINDOWS\alcwzrd.exe [ALCWZRD.EXE] -> [2006/05/04 03:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.) "COMODO Internet Security" -> C:\Program Files\Comodo\COMODO Internet Security\cfp.exe ["C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h] -> [2009/03/08 18:55:15 | 009,247,480 | ---- | M] () "NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found "NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found "nwiz" ->  [nwiz.exe /install] -> File not found "RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.) "SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/11/20 05:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.) "SoundMan" -> C:\WINDOWS\SoundMan.exe [SOUNDMAN.EXE] -> [2006/07/21 03:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) "Start WingMan Profiler" -> C:\Program Files\Logitech\Gaming Software\LWEMon.exe [C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui] -> [2008/04/04 13:30:28 | 000,120,328 | ---- | M] (Logitech Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) "avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) "LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 22:55:32 | 000,054,832 | ---- | M] () "QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 000,413,696 | ---- | M] (Apple Inc.) "RemoteControl" -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.) "SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) "Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> [2007/03/02 00:56:30 | 000,162,816 | ---- | M] () "WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2008/08/03 18:02:20 | 000,036,352 | ---- | M] () < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) "Efonoqipofevi" -> C:\WINDOWS\MODENMVD.DLL [rundll32.exe "C:\WINDOWS\MODENMVD.dll",Startup] -> File not found "Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community) C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe -> [2003/08/29 16:13:04 | 001,436,160 | ---- | M] (Dominating Bytes Design) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main \Main\\"DisableFirstRunCustomize" ->  [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" ->  [1] -> File not found \\"HonorAutoRunSetting" ->  [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"EnableLUA" ->  [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" ->  [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\Software\Microsoft\Internet Explorer\Extensions\ -> 64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.10.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1   (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> c:\windows\syswow64\pipiwuhi.dll -> c:\windows\syswow64\pipiwuhi.dll -> File not found c:\windows\syswow64\vupewoka.dll -> c:\windows\syswow64\vupewoka.dll -> File not found hodajupi.dll ->  -> File not found c:\windows\syswow64\titugivo.dll -> c:\windows\syswow64\titugivo.dll -> File not found c:\windows\syswow64\rabageha.dll -> c:\windows\syswow64\rabageha.dll -> File not found c:\windows\syswow64\gizokoro.dll -> c:\windows\syswow64\gizokoro.dll -> File not found *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> %SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> Control_RunDLL "sysdm.cpl" ->  -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2005/03/25 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> lsass.exe ->  -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain ->  -> File not found cryptnet ->  -> File not found cscdll ->  -> File not found dimsntfy ->  -> File not found ScCertProp ->  -> File not found Schedule ->  -> File not found sclgntfy ->  -> File not found SensLogn ->  -> File not found termsrv ->  -> File not found wlballoon ->  -> File not found < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ScCertProp ->  -> File not found Schedule ->  -> File not found SensLogn ->  -> File not found wlballoon ->  -> File not found < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> c:\windows\SysWow64\mopidupo.dll [dedosasab] -> File not found "{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gikuvihid] -> File not found "{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> c:\windows\SysWow64\makezimu.dll [yiniketub] -> File not found < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> "{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> c:\windows\SysWow64\mopidupo.dll [mujuzedij] -> File not found "{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gahurihor] -> File not found "{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> c:\windows\SysWow64\makezimu.dll [gahurihor] -> File not found < 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] ->  [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll ->  -> File not found schannel.dll ->  -> File not found digest.dll ->  -> File not found msnsspc.dll ->  -> File not found *MultiFile Done* -> -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found "C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () "C:\Documents and Settings\Administrator\Desktop\OTM.exe" -> C:\Documents and Settings\Administrator\Desktop\OTM.exe [C:\Documents and Settings\Administrator\Desktop\OTM.exe:*:Enabled:OTM] -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools) "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard] -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) "C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe" -> C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe [C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2009/12/11 18:37:23 | 000,516,936 | ---- | M] (CCP hf.) "C:\Program Files (x86)\DNA\btdna.exe" -> C:\Program Files (x86)\DNA\btdna.exe [C:\Program Files (x86)\DNA\btdna.exe:*:Enabled:DNA] -> [2009/03/10 10:25:20 | 000,318,272 | ---- | M] (BitTorrent, Inc.) "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray] -> [2010/02/18 23:16:36 | 000,815,184 | ---- | M] (Lavasoft) "C:\Program Files (x86)\Pidgin\pidgin.exe" -> C:\Program Files (x86)\Pidgin\pidgin.exe [C:\Program Files (x86)\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community) "C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe" -> C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe [C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2] -> [2008/04/20 23:13:44 | 000,778,240 | ---- | M] () "C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2009/01/29 15:20:30 | 019,779,584 | ---- | M] (The Creative Assembly Ltd) "C:\Program Files (x86)\uTorrent\uTorrent.exe" -> C:\Program Files (x86)\uTorrent\uTorrent.exe [C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/02/12 22:28:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.) "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\SysWow64\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2005/03/25 07:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\SysWOW64\javaw.exe" -> C:\WINDOWS\SysWOW64\javaw.exe [C:\WINDOWS\SysWOW64\javaw.exe:*:Enabled:javaw] -> [2009/07/25 04:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) "D:\EVE\bin\ExeFile.exe" -> D:\EVE\bin\ExeFile.exe [D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2008/12/05 11:39:22 | 000,513,280 | ---- | M] (CCP hf.) "D:\Games\Anno 1404\tools\Anno4Web.exe" -> D:\Games\Anno 1404\tools\Anno4Web.exe [D:\Games\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web] -> [2009/05/23 15:48:00 | 001,320,232 | ---- | M] () "D:\Games\Dark Oberon\dark-oberon.exe" -> D:\Games\Dark Oberon\dark-oberon.exe [D:\Games\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon] -> [2006/11/01 14:10:40 | 000,532,480 | ---- | M] () "D:\Games\Dead Space\Dead Space.exe" -> D:\Games\Dead Space\Dead Space.exe [D:\Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space â„¢] -> [2008/11/01 09:17:11 | 013,733,888 | ---- | M] () "D:\Games\Dragon Age\bin_ship\daorigins.exe" -> D:\Games\Dragon Age\bin_ship\daorigins.exe [D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/11/02 02:57:00 | 009,909,480 | ---- | M] (BioWare) "D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) "D:\Games\Dragon Age\DAOriginsLauncher.exe" -> D:\Games\Dragon Age\DAOriginsLauncher.exe [D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 10:59:08 | 001,246,440 | ---- | M] (BioWare) "D:\Games\Glest_3.2.2\glest.exe" -> D:\Games\Glest_3.2.2\glest.exe [D:\Games\Glest_3.2.2\glest.exe:*:Enabled:glest] -> [2009/04/02 19:03:30 | 001,230,336 | ---- | M] () "D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe" -> D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe [D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men] -> [2007/11/10 20:11:24 | 007,542,024 | ---- | M] (Io Interactive A/S) "D:\Games\Mass Effect\Binaries\MassEffect.exe" -> D:\Games\Mass Effect\Binaries\MassEffect.exe [D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game] -> [2008/05/29 17:34:19 | 048,956,922 | ---- | M] (BioWare) "D:\Games\Mass Effect\MassEffectLauncher.exe" -> D:\Games\Mass Effect\MassEffectLauncher.exe [D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher] -> [2008/05/07 11:19:36 | 000,730,344 | ---- | M] (BioWare) "D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe" -> D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe [D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising] -> [2009/10/06 16:22:36 | 020,094,976 | ---- | M] (Codemasters Software Company Limited) "D:\Games\Prototype\prototypef.exe" -> D:\Games\Prototype\prototypef.exe [D:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)] -> [2009/06/09 13:43:00 | 002,269,232 | ---- | M] (Activision) "D:\Games\Warcraft III\Warcraft III.exe" -> D:\Games\Warcraft III\Warcraft III.exe [D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2009/04/14 16:00:10 | 000,274,432 | ---- | M] (Blizzard Entertainment) "D:\Games\Wolfenstein\MP\Wolf2MP.exe" -> D:\Games\Wolfenstein\MP\Wolf2MP.exe [D:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,399,248 | ---- | M] (Activision) "D:\Games\Wolfenstein\MP\Wolf2MPLite.exe" -> D:\Games\Wolfenstein\MP\Wolf2MPLite.exe [D:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,042,896 | ---- | M] (Activision) "D:\Games\Worms Armageddon - New Edition\WA.exe" -> D:\Games\Worms Armageddon - New Edition\WA.exe [D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon] -> [2007/07/05 11:05:59 | 004,378,624 | ---- | M] (Team17 Software Ltd) "D:\Steam\Steam.exe" -> D:\Steam\Steam.exe [D:\Steam\Steam.exe:*:Enabled:Steam] -> [2010/02/26 13:30:48 | 001,217,872 | ---- | M] (Valve Corporation) "D:\Steam\steamapps\andre2account\the ship\ship.exe" -> D:\Steam\steamapps\andre2account\the ship\ship.exe [D:\Steam\steamapps\andre2account\the ship\ship.exe:*:Enabled:ship] -> [2009/04/03 17:46:35 | 000,090,112 | ---- | M] () "D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" -> D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe [D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo] -> [2009/10/19 19:06:33 | 000,049,152 | ---- | M] () "D:\Steam\steamapps\common\battleforge\Bootstrapper.exe" -> D:\Steam\steamapps\common\battleforge\Bootstrapper.exe [D:\Steam\steamapps\common\battleforge\Bootstrapper.exe:*:Enabled:Battleforge Demo] -> [2009/08/13 12:12:36 | 005,797,240 | ---- | M] (EA Phenomic) "D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" -> D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe [D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock] -> [2009/10/23 21:57:26 | 009,932,800 | ---- | M] () "D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" -> D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe [D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo] -> [2009/12/14 00:02:01 | 000,160,256 | ---- | M] (Erik Svedäng) "D:\Steam\steamapps\common\champions online\Champions Online.exe" -> D:\Steam\steamapps\common\champions online\Champions Online.exe [D:\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Cryptic Game Launcher] -> File not found "D:\Steam\steamapps\common\company of heroes\help.htm" -> D:\Steam\steamapps\common\company of heroes\help.htm [D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes] -> [2009/04/16 13:00:27 | 000,000,213 | ---- | M] () "D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" -> D:\Steam\steamapps\common\company of heroes\RelicCOH.exe [D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes] -> [2009/12/24 02:10:25 | 009,266,056 | ---- | M] (THQ Canada Inc.) "D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe" -> D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe [D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble] -> [2009/12/24 00:15:36 | 000,038,400 | ---- | M] () "D:\Steam\steamapps\common\fallout 3\Fallout3.exe" -> D:\Steam\steamapps\common\fallout 3\Fallout3.exe [D:\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3] -> [2009/08/14 22:02:52 | 015,044,024 | ---- | M] (Bethesda Softworks) "D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" -> D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe [D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3] -> [2009/01/28 20:47:38 | 001,900,544 | ---- | M] (Bethesda Softworks) "D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" -> D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe [D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor] -> [2009/11/04 21:05:47 | 000,192,512 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2] -> [2009/11/03 19:51:14 | 000,385,024 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/17 08:47:27 | 000,385,024 | ---- | M] () "D:\Steam\steamapps\common\left 4 dead\left4dead.exe" -> D:\Steam\steamapps\common\left 4 dead\left4dead.exe [D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2009/04/22 10:10:00 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" -> D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe [D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus] -> [2009/12/24 00:34:50 | 002,289,664 | ---- | M] (Oddworld Inhabitants, Inc.) "D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" -> D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe [D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee] -> [2009/12/24 02:21:37 | 001,132,032 | ---- | M] (Oddworld Inhabitants, Inc.) "D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" -> D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe [D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo] -> [2009/04/18 15:14:05 | 002,287,104 | ---- | M] (GarageGames) "D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe [D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:46:02 | 074,077,811 | ---- | M] (Chris Jones) "D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe [D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:45:15 | 000,110,612 | ---- | M] (Chris Jones) "D:\Steam\steamapps\common\tomb raider anniversary\tra.exe" -> D:\Steam\steamapps\common\tomb raider anniversary\tra.exe [D:\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary] -> [2009/04/03 17:46:33 | 001,170,944 | ---- | M] (Eidos Inc.) "D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" -> D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe [D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2] -> File not found "D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe" -> D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe [D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo] -> [2009/03/08 18:31:13 | 002,203,648 | ---- | M] () "D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe" -> D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe [D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe:*:Disabled:hl2] -> [2009/12/26 12:08:01 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe" -> D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe [D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/12/14 10:37:06 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe" -> D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe [D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe:*:Enabled:hl2] -> [2010/02/26 13:35:22 | 000,103,736 | ---- | M] () "D:\Steam\steamapps\[email protected]\dystopia\hl2.exe" -> D:\Steam\steamapps\[email protected]\dystopia\hl2.exe [D:\Steam\steamapps\[email protected]\dystopia\hl2.exe:*:Enabled:hl2] -> [2009/03/04 00:08:33 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe" -> D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe [D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe:*:Enabled:hl2] -> [2009/02/20 12:24:33 | 000,106,496 | ---- | M] () "D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe" -> D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe [D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2] -> [2010/02/14 21:25:43 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\smashball\hl2.exe" -> D:\Steam\steamapps\[email protected]\smashball\hl2.exe [D:\Steam\steamapps\[email protected]\smashball\hl2.exe:*:Enabled:hl2] -> [2009/08/12 14:33:52 | 000,098,304 | ---- | M] () "D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe" -> D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe [D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\WINDOWS\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > ->  -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 20:14:31 | 000,000,000 | ---- | M] () E:\Autorun.inf [[autorun] | Open=demo32.exe | Icon=Lws.Ico | ] -> E:\Autorun.inf [ CDFS ] -> [2007/10/15 14:03:27 | 000,000,040 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command \{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found \{885b927e-a78c-11de-83d9-00e04c77ba7a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun \{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command \{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command\\"" -> E:\Demo32.exe [E:\demo32.exe] -> [2007/07/13 16:08:54 | 000,509,464 | R--- | M] (InstallShield Software Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [edit] -> Reg Error: Key error. 64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> File not found 64bit-InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> File not found 64bit-piffile [open] -> "%1" %* -> File not found 64bit-regfile [merge] -> Reg Error: Key error. 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-txtfile [edit] -> Reg Error: Key error. 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> Reg Error: Key error. piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2005/03/25 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 1/12/2010 11:49:31 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application hammer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 1/21/2010 1:27:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module unknown, version 0.0.0.0, fault address 0x1390e114. Application [ Error ] 1/30/2010 12:25:22 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gen_ml.dll, version 0.0.0.0, fault address 0x0001c32b. Application [ Error ] 2/5/2010 3:47:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gdi32.dll, version 5.2.3790.3233, fault address 0x00015901. Application [ Error ] 2/7/2010 9:29:29 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0. Application [ Error ] 2/7/2010 9:34:51 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0. Application [ Error ] 2/18/2010 11:31:45 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application rewmcxoans.tmp, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x02002222. Application [ Error ] 2/18/2010 11:56:13 PM Computer Name = THE-BL7D5N9D5A8 | Source = VSS | ID = 8211 -> Description = Application [ Error ] 2/19/2010 12:15:54 AM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = Application [ Error ] 2/19/2010 10:18:37 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application eventcreatexp.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.   System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 2/26/2010 1:45:21 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. System [ Error ] 2/26/2010 1:45:21 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.   System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  . System [ Error ] 2/26/2010 1:56:34 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. System [ Error ] 2/26/2010 1:56:35 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool. [Files/Folders - Created Within 30 Days] Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2010/02/26 10:48:45 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys -> [2010/02/26 10:48:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C] Explorer.exe.exe -> C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe -> [2010/02/26 10:47:07 | 005,061,512 | ---- | C] (Malwarebytes Corporation                                    ) _OTM -> C:\_OTM -> [2010/02/26 10:35:43 | 000,000,000 | ---D | C] OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:02 | 000,504,832 | ---- | C] (OldTimer Tools) {11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> [2010/02/25 19:40:28 | 000,000,000 | ---D | C] ERDNT -> C:\WINDOWS\ERDNT -> [2010/02/19 10:02:45 | 000,000,000 | ---D | C] Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/02/19 09:58:42 | 000,000,000 | ---D | C] {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:30 | 000,000,000 | -H-D | C] Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C] Securityessentials2010 -> C:\Program Files\Securityessentials2010 -> [2010/02/18 22:31:36 | 000,000,000 | ---D | C] Pando Networks -> C:\Program Files (x86)\Pando Networks -> [2010/02/18 22:13:48 | 000,000,000 | ---D | C] muweb.dll -> C:\WINDOWS\SysWow64\muweb.dll -> [2010/02/17 14:38:03 | 000,215,920 | ---- | C] (Microsoft Corporation) Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/02/16 20:01:32 | 000,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2010/02/16 11:12:01 | 000,000,000 | -HSD | C] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/10/29 14:31:04 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M] [Files/Folders - Modified Within 30 Days] Bkopewahatewisu.dat -> C:\WINDOWS\Bkopewahatewisu.dat -> [2010/02/28 11:59:25 | 000,000,120 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/28 00:11:07 | 000,043,008 | ---- | M] () Fsicogica.bin -> C:\WINDOWS\Fsicogica.bin -> [2010/02/28 00:10:34 | 000,000,000 | ---- | M] () PUTTY.RND -> C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> [2010/02/27 16:33:06 | 000,000,600 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/26 13:29:59 | 000,000,496 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/26 12:56:04 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/26 12:56:03 | 000,002,048 | --S- | M] () ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2010/02/26 12:54:55 | 000,000,178 | -HS- | M] () NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/02/26 12:54:35 | 018,350,080 | -H-- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:51:05 | 000,000,738 | ---- | M] () Explorer.exe.exe -> C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe -> [2010/02/26 10:47:07 | 005,061,512 | ---- | M] (Malwarebytes Corporation                                    ) piruraju -> C:\WINDOWS\SysWow64\piruraju -> [2010/02/26 10:36:15 | 000,000,000 | -H-- | M] () OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools) aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/26 09:24:42 | 000,000,954 | -H-- | M] () Dropbox.lnk -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> [2010/02/26 09:14:42 | 000,000,926 | ---- | M] () HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | M] () Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | M] () IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2010/02/18 23:00:58 | 002,096,656 | -H-- | M] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | M] () av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | M] () .recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/14 10:34:47 | 000,000,875 | ---- | M] () getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:32 | 000,083,355 | ---- | M] () Shortcut to putty.lnk -> C:\Documents and Settings\Administrator\Desktop\Shortcut to putty.lnk -> [2010/01/31 16:20:49 | 000,000,482 | ---- | M] () 2 C:\Documents and Settings\Administrator\Local Settings\Temp\is-08JT5.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\is-08JT5.tmp\_isetup\*.tmp -> [Files - No Company Name] Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:48:43 | 000,000,738 | ---- | C] () piruraju -> C:\WINDOWS\SysWow64\piruraju -> [2010/02/26 10:36:15 | 000,000,000 | -H-- | C] () Bkopewahatewisu.dat -> C:\WINDOWS\Bkopewahatewisu.dat -> [2010/02/25 19:40:29 | 000,000,120 | ---- | C] () Fsicogica.bin -> C:\WINDOWS\Fsicogica.bin -> [2010/02/25 19:40:29 | 000,000,000 | ---- | C] () HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | C] () aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/18 23:35:23 | 000,000,954 | -H-- | C] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/18 23:18:40 | 000,000,496 | ---- | C] () Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | C] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | C] () av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | C] () .recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/14 10:34:47 | 000,000,875 | ---- | C] () getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:31 | 000,083,355 | ---- | C] () Shortcut to putty.lnk -> C:\Documents and Settings\Administrator\Desktop\Shortcut to putty.lnk -> [2010/01/31 16:20:49 | 000,000,482 | ---- | C] () WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/05/25 21:44:55 | 000,000,754 | ---- | C] () WA.INI -> C:\WINDOWS\WA.INI -> [2009/05/23 22:43:42 | 000,000,122 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/03/10 10:25:50 | 000,000,238 | ---- | C] () BlendSettings.ini -> C:\WINDOWS\BlendSettings.ini -> [2009/02/20 14:32:42 | 000,000,023 | ---- | C] () FoxImager.dll -> C:\WINDOWS\SysWow64\FoxImager.dll -> [2009/02/17 18:29:59 | 000,323,584 | ---- | C] () PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2009/01/29 00:16:32 | 000,553,690 | ---- | C] () Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2009/01/28 21:03:03 | 000,006,274 | ---- | C] () ASUSHWIO.SYS -> C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> [2009/01/28 21:02:55 | 000,010,288 | ---- | C] () guard32.dll -> C:\WINDOWS\SysWow64\guard32.dll -> [2009/01/28 20:30:25 | 000,155,384 | ---- | C] () nview.dll -> C:\WINDOWS\SysWow64\nview.dll -> [2009/01/15 08:19:00 | 001,507,328 | ---- | C] () nvwimg.dll -> C:\WINDOWS\SysWow64\nvwimg.dll -> [2009/01/15 08:19:00 | 001,101,824 | ---- | C] () qt-dx331.dll -> C:\WINDOWS\SysWow64\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () xlive.dll.cat -> C:\WINDOWS\SysWow64\xlive.dll.cat -> [2008/10/28 17:40:48 | 000,173,552 | ---- | C] () physxcudart_20.dll -> C:\WINDOWS\SysWow64\physxcudart_20.dll -> [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () AgCPanelSwedish.dll -> C:\WINDOWS\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelSpanish.dll -> C:\WINDOWS\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelPortugese.dll -> C:\WINDOWS\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelKorean.dll -> C:\WINDOWS\SysWow64\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelJapanese.dll -> C:\WINDOWS\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelGerman.dll -> C:\WINDOWS\SysWow64\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () AgCPanelFrench.dll -> C:\WINDOWS\SysWow64\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () ibatibuxerugug.dll -> C:\WINDOWS\ibatibuxerugug.dll -> [2007/03/02 00:56:30 | 000,162,816 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] () quartz.dll -> C:\WINDOWS\SysWow64\quartz.dll -> [2005/03/25 07:00:00 | 001,291,264 | ---- | C] () qedwipes.dll -> C:\WINDOWS\SysWow64\qedwipes.dll -> [2005/03/25 07:00:00 | 000,733,696 | ---- | C] () qedit.dll -> C:\WINDOWS\SysWow64\qedit.dll -> [2005/03/25 07:00:00 | 000,512,512 | ---- | C] () dxmasf.dll -> C:\WINDOWS\SysWow64\dxmasf.dll -> [2005/03/25 07:00:00 | 000,498,742 | ---- | C] () encdec.dll -> C:\WINDOWS\SysWow64\encdec.dll -> [2005/03/25 07:00:00 | 000,396,288 | ---- | C] () qdvd.dll -> C:\WINDOWS\SysWow64\qdvd.dll -> [2005/03/25 07:00:00 | 000,385,536 | ---- | C] () msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2005/03/25 07:00:00 | 000,355,112 | ---- | C] () qdv.dll -> C:\WINDOWS\SysWow64\qdv.dll -> [2005/03/25 07:00:00 | 000,279,040 | ---- | C] () sbe.dll -> C:\WINDOWS\SysWow64\sbe.dll -> [2005/03/25 07:00:00 | 000,276,992 | ---- | C] () ir32_32.dll -> C:\WINDOWS\SysWow64\ir32_32.dll -> [2005/03/25 07:00:00 | 000,199,168 | ---- | C] () qcap.dll -> C:\WINDOWS\SysWow64\qcap.dll -> [2005/03/25 07:00:00 | 000,192,512 | ---- | C] () msencode.dll -> C:\WINDOWS\SysWow64\msencode.dll -> [2005/03/25 07:00:00 | 000,114,688 | ---- | C] () amstream.dll -> C:\WINDOWS\SysWow64\amstream.dll -> [2005/03/25 07:00:00 | 000,072,704 | ---- | C] () mciqtz32.dll -> C:\WINDOWS\SysWow64\mciqtz32.dll -> [2005/03/25 07:00:00 | 000,062,464 | ---- | C] () devenum.dll -> C:\WINDOWS\SysWow64\devenum.dll -> [2005/03/25 07:00:00 | 000,061,440 | ---- | C] () tsd32.dll -> C:\WINDOWS\SysWow64\tsd32.dll -> [2005/03/25 07:00:00 | 000,016,896 | ---- | C] () msdmo.dll -> C:\WINDOWS\SysWow64\msdmo.dll -> [2005/03/25 07:00:00 | 000,014,336 | ---- | C] () msdxmlc.dll -> C:\WINDOWS\SysWow64\msdxmlc.dll -> [2005/03/25 07:00:00 | 000,004,126 | ---- | C] () [File - Lop Check] .purple -> C:\Documents and Settings\Administrator\Application Data\.purple -> [2010/02/28 11:59:12 | 000,000,000 | ---D | M] Bioshock -> C:\Documents and Settings\Administrator\Application Data\Bioshock -> [2010/02/07 20:14:34 | 000,000,000 | ---D | M] DAEMON Tools -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools -> [2009/01/29 09:38:28 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> [2009/10/30 14:08:50 | 000,000,000 | ---D | M] DAEMON Tools Pro -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> [2009/01/29 13:48:19 | 000,000,000 | ---D | M] DNA -> C:\Documents and Settings\Administrator\Application Data\DNA -> [2009/03/10 10:38:12 | 000,000,000 | ---D | M] Dropbox -> C:\Documents and Settings\Administrator\Application Data\Dropbox -> [2010/02/28 07:55:59 | 000,000,000 | ---D | M] EVEMon -> C:\Documents and Settings\Administrator\Application Data\EVEMon -> [2010/02/28 11:57:52 | 000,000,000 | ---D | M] gtk-2.0 -> C:\Documents and Settings\Administrator\Application Data\gtk-2.0 -> [2009/09/22 17:24:32 | 000,000,000 | ---D | M] leafChat -> C:\Documents and Settings\Administrator\Application Data\leafChat -> [2010/02/28 11:57:30 | 000,000,000 | ---D | M] LucasArts -> C:\Documents and Settings\Administrator\Application Data\LucasArts -> [2009/07/17 18:25:25 | 000,000,000 | ---D | M] Mount&Blade -> C:\Documents and Settings\Administrator\Application Data\Mount&Blade -> [2009/02/02 05:32:29 | 000,000,000 | ---D | M] Mumble -> C:\Documents and Settings\Administrator\Application Data\Mumble -> [2009/06/29 09:06:36 | 000,000,000 | ---D | M] My Battle for Middle-earth(tm) II Files -> C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files -> [2009/10/09 14:17:12 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\Administrator\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M] runic games -> C:\Documents and Settings\Administrator\Application Data\runic games -> [2009/11/05 19:20:31 | 000,000,000 | ---D | M] RunningPillow -> C:\Documents and Settings\Administrator\Application Data\RunningPillow -> [2010/01/28 19:53:24 | 000,000,000 | ---D | M] Slam Dunk Studios, LLC -> C:\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> [2009/04/18 15:15:40 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\Administrator\Application Data\Stardock -> [2009/05/26 09:12:17 | 000,000,000 | ---D | M] The Longest Journey Demo -> C:\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> [2009/05/31 09:51:27 | 000,000,000 | ---D | M] Thinstall -> C:\Documents and Settings\Administrator\Application Data\Thinstall -> [2009/08/26 23:58:17 | 000,000,000 | ---D | M] Ubisoft -> C:\Documents and Settings\Administrator\Application Data\Ubisoft -> [2009/10/12 11:34:45 | 000,000,000 | ---D | M] uTorrent -> C:\Documents and Settings\Administrator\Application Data\uTorrent -> [2010/02/28 11:57:55 | 000,000,000 | ---D | M] 2DBoy -> C:\Documents and Settings\All Users\Application Data\2DBoy -> [2009/03/08 18:33:50 | 000,000,000 | ---D | M] BioWare -> C:\Documents and Settings\All Users\Application Data\BioWare -> [2010/01/09 20:03:56 | 000,000,000 | ---D | M] CCP -> C:\Documents and Settings\All Users\Application Data\CCP -> [2009/01/29 13:26:40 | 000,000,000 | ---D | M] DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/01/29 09:37:39 | 000,000,000 | ---D | M] MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2009/10/29 20:03:50 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M] PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009/05/24 16:21:50 | 000,000,000 | ---D | M] Redirected -> C:\Documents and Settings\All Users\Application Data\Redirected -> [2009/08/15 22:05:33 | 000,000,000 | ---D | M] Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2009/05/26 09:11:28 | 000,000,000 | ---D | M] {1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2009/05/26 09:11:45 | 000,000,000 | -H-D | M] {74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:31 | 000,000,000 | -H-D | M] Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/02/26 13:29:59 | 000,000,496 | ---- | M] () SchedLgU.Txt -> C:\WINDOWS\Tasks\SchedLgU.Txt -> [2010/02/26 12:54:59 | 000,032,526 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < %ProgramFiles%\Movie Maker\*.dll > WMM2AE.dll -> C:\Program Files (x86)\Movie Maker\WMM2AE.dll -> [2005/03/25 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) WMM2ERES.dll -> C:\Program Files (x86)\Movie Maker\WMM2ERES.dll -> [2005/03/25 07:00:00 | 000,003,072 | ---- | M] (Microsoft Corporation) WMM2EXT.dll -> C:\Program Files (x86)\Movie Maker\WMM2EXT.dll -> [2005/03/25 07:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) WMM2FILT.dll -> C:\Program Files (x86)\Movie Maker\WMM2FILT.dll -> [2005/03/25 07:00:00 | 000,316,928 | ---- | M] (Microsoft Corporation) WMM2FXA.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXA.dll -> [2005/03/25 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) WMM2FXB.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXB.dll -> [2005/03/25 07:00:00 | 000,328,192 | ---- | M] (Microsoft Corporation) WMM2RES.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES.dll -> [2005/03/25 07:00:00 | 004,255,744 | ---- | M] (Microsoft Corporation) WMM2RES2.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES2.dll -> [2005/03/25 07:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: ALLUSERSAPPDATA < %SYSTEMROOT%\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dll > custsat.dll -> C:\Program Files (x86)\Internet Explorer\custsat.dll -> [2006/09/06 17:42:40 | 000,033,792 | ---- | M] (Microsoft Corporation) hmmapi.dll -> C:\Program Files (x86)\Internet Explorer\hmmapi.dll -> [2007/08/13 18:18:02 | 000,060,416 | ---- | M] (Microsoft Corporation) ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2007/08/13 18:43:14 | 000,287,744 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: DriveLetter < %systemroot%\system32\*.dll /lockedfiles > < MD5 Scans Start> < %systemdrive%\AGP440.SYS  /md5 /s > AGP440.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:AGP440.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () < %systemdrive%\ATAPI.SYS  /md5 /s > atapi.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:atapi.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] () < %systemdrive%\NETLOGON.DLL  /md5 /s > netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL  /md5 /s > scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < c:\$recycle.bin\*.* /s > OTS cannot create restorepoints on Vista OSs! < End of report >
  13. This is my malware bytes scan. Note that it is the 4th scan, as I had to do a full scan for removal of Paladin, a quick scan with avira guard enabled (after the reboots), and a quick scan after. Then I couldn't find the log, since it asked me to reboot again. So I ran another quick scan, which appears to be clean. [code]Malwarebytes&#39; Anti-Malware 1.44 Database version&#58; 3796 Windows 5.2.3790 Service Pack 1 Internet Explorer 7.0.5730.13 2/26/2010 1&#58;01&#58;40 PM mbam-log-2010-02-26 &#40;13-01-40&#41;.txt Scan type&#58; Quick Scan Objects scanned&#58; 107604 Time elapsed&#58; 3 minute&#40;s&#41;, 1 second&#40;s&#41; Memory Processes Infected&#58; 0 Memory Modules Infected&#58; 0 Registry Keys Infected&#58; 0 Registry Values Infected&#58; 0 Registry Data Items Infected&#58; 0 Folders Infected&#58; 0 Files Infected&#58; 0 Memory Processes Infected&#58; &#40;No malicious items detected&#41; Memory Modules Infected&#58; &#40;No malicious items detected&#41; Registry Keys Infected&#58; &#40;No malicious items detected&#41; Registry Values Infected&#58; &#40;No malicious items detected&#41; Registry Data Items Infected&#58; &#40;No malicious items detected&#41; Folders Infected&#58; &#40;No malicious items detected&#41; Files Infected&#58; &#40;No malicious items detected&#41;[/code] What's next? I'm sure it's too soon for a clean bill of health.
  14. Comodo Internet Security crashed midupdate once, and hasn't worked for me since, it crashes if I try and do anything with it, and doesn't seem to stop anything as a firewall, which is what I originally installed it for, at the time I first got it I don't believe it offered virus protection. Regardless, it does nothing now, and I can't uninstall it, as it crashes during that, too... Anyway, I'll get these scans done now and see if I can't get it right this time. Things have gotten worse for my computer since I last posted, though, new warning are showing up and its difficult to get my computer to do what I tell it. [code]All processes killed ========== FILES ========== DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWOW64\hodajupi.dll C&#58;\WINDOWS\SysWOW64\hodajupi.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\rabageha.dll C&#58;\WINDOWS\SysWow64\rabageha.dll moved successfully. C&#58;\WINDOWS\SysWOW64\smss32.exe moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\MODENMVD.dll C&#58;\WINDOWS\MODENMVD.dll moved successfully. C&#58;\WINDOWS\SysWOW64\winlogon32.exe moved successfully. DllUnregisterServer procedure not found in c&#58;\WINDOWS\SysWOW64\vupewoka.dll c&#58;\WINDOWS\SysWOW64\vupewoka.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\pipiwuhi.dll C&#58;\WINDOWS\SysWow64\pipiwuhi.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\titugivo.dll C&#58;\WINDOWS\SysWow64\titugivo.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\gizokoro.dll C&#58;\WINDOWS\SysWow64\gizokoro.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\vonamaji.dll C&#58;\WINDOWS\SysWow64\vonamaji.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\serevudo.dll C&#58;\WINDOWS\SysWow64\serevudo.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\nowuvaku.dll C&#58;\WINDOWS\SysWow64\nowuvaku.dll moved successfully. File/Folder C&#58;\WINDOWS\SysWow64\hodajupi.dll not found. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\fonemike.dll C&#58;\WINDOWS\SysWow64\fonemike.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\remowoka.dll C&#58;\WINDOWS\SysWow64\remowoka.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\worayewu.dll C&#58;\WINDOWS\SysWow64\worayewu.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\sosagatu.dll C&#58;\WINDOWS\SysWow64\sosagatu.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\rogibida.dll C&#58;\WINDOWS\SysWow64\rogibida.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\loyegeho.dll C&#58;\WINDOWS\SysWow64\loyegeho.dll moved successfully. DllUnregisterServer procedure not found in C&#58;\WINDOWS\SysWow64\lehelojo.dll C&#58;\WINDOWS\SysWow64\lehelojo.dll moved successfully. C&#58;\WINDOWS\SysWow64\piruraju moved successfully. C&#58;\WINDOWS\tasks\ocsgxisi.job moved successfully. File/Folder C&#58;\WINDOWS\SysWow64\helpers32.dll not found. File/Folder C&#58;\WINDOWS\SysWow64\winlogon32.exe not found. ========== REGISTRY ========== Unable to set value &#58; HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies \System\\&#34;DisableTaskMgr&#34;|dword&#58;00000000 /E! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{b602ff52-1748-49 7f-b4cd-11047a9f35a1} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b602ff52-1748-497f-b4cd-11047a9f35a1}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{705c8702-2953-47 00-85e2-372ac8232866} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{705c8702-2953-4700-85e2-372ac8232866}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler&#93; &#34;{705c8702-2953-4700-85e2-372ac8232866}&#34;= not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d 0-97EE-00C04FD91972} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully. ========== COMMANDS ========== &#91;EMPTYTEMP&#93; User&#58; Administrator ->Temp folder emptied&#58; 30446312148 bytes ->Temporary Internet Files folder emptied&#58; 101822593 bytes ->Java cache emptied&#58; 78943823 bytes ->FireFox cache emptied&#58; 74773897 bytes User&#58; All Users User&#58; Default User ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 57095 bytes User&#58; LocalService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 33170 bytes User&#58; NetworkService ->Temp folder emptied&#58; 0 bytes ->Temporary Internet Files folder emptied&#58; 402 bytes %systemdrive% .tmp files removed&#58; 0 bytes %systemroot% .tmp files removed&#58; 1114333 bytes %systemroot%\System32 .tmp files removed&#58; 4198569 bytes %systemroot%\System32\drivers .tmp files removed&#58; 0 bytes Windows Temp folder emptied&#58; 31278634 bytes RecycleBin emptied&#58; 448105107 bytes Total Files Cleaned = 29,742.00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02262010_103543 Files moved on Reboot... Registry entries deleted on Reboot...[/code] On to the next steps!
  15. Here's my scan. I though I had shut down Avira before running the scan, but the virus guard gave me a couple warnings during the scan. I hope this doesn't compromise the information, as I fear that Avira is the only thing preventing the infection from getting worse. If you need me to redo this I can, but it's late here now and I don't have the stamina to take care of this before bed. Thanks for your help.