[code]
OTScanIt2 logfile created on: 4/17/2009 1:28:58 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 617.73 Mb Available Physical Memory | 60.36% Memory free
2.90 Gb Paging File | 2.63 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 35.47 Gb Free Space | 27.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2009/04/10 17:24:33 | 00,079,360 | ---- | M] (Autodesk)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> [2008/07/24 08:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/30 19:42:24 | 00,307,704 | ---- | M] (Mozilla Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/10/24 00:12:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2009/02/09 14:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/04/20 04:05:02 | 00,066,872 | ---- | M] ()
raysat_3dsmax2009_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -> [2008/03/10 00:04:52 | 00,065,536 | ---- | M] ()
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2004/08/04 00:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/07 09:15:18 | 00,611,664 | ---- | M] (Lavasoft)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Ati2evxx.exe -> [2005/01/19 19:20:05 | 00,344,064 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2004/09/15 21:10:00 | 00,516,096 | ---- | M] ()
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2009/04/10 17:24:33 | 00,079,360 | ---- | M] (Autodesk)
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2008/11/24 06:16:44 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2008/11/24 06:16:46 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/10/24 00:12:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(mi-raysat_3dsMax2009_32) mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -> [2008/03/10 00:04:52 | 00,065,536 | ---- | M] ()
(MSSQL$SONY_MEDIAMGR) MSSQL$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -> [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2009/02/09 14:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/04/20 04:05:02 | 00,066,872 | ---- | M] ()
(RadClock) RadClock [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\RadClock.exe -> [2005/04/28 00:29:26 | 00,098,304 | --S- | M] ()
(SQLAgent$SONY_MEDIAMGR) SQLAgent$SONY_MEDIAMGR [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -> [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> -> File not found
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ati2mtag.sys -> [2004/08/03 23:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.)
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7core.sys -> [2007/12/14 17:12:40 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> [2008/11/24 06:16:47 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(CBTNDIS5) CBTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\CBTNDIS5.SYS -> [2003/07/16 22:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\fetnd5bv.sys -> [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. )
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\fetnd5.sys -> [2001/08/17 05:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. )
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(IPN2120) Wireless-B PCI Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\LSIPNDS.sys -> [2003/08/26 01:28:30 | 00,096,256 | R--- | M] (Cisco-Linksys, LLC.)
(mapledxp) mapledxp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mapledxp.SYS -> [2004/04/05 11:44:42 | 00,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\mcdbus.sys -> [2008/07/28 18:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.)
(nenum13E) nenum13E [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\nenum13E.sys -> [2001/02/22 19:29:23 | 00,029,696 | ---- | M] ()
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2009/02/09 14:18:00 | 06,307,328 | ---- | M] (NVIDIA Corporation)
(PStrip) PStrip [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\pstrip.sys -> [2007/07/14 18:37:04 | 00,027,992 | ---- | M] (EnTech Taiwan)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2001/08/18 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/05/30 10:22:16 | 00,043,528 | ---- | M] (Sonic Solutions)
(PzWDM) PzWDM [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PzWDM.sys -> [2008/06/08 15:12:10 | 00,015,172 | ---- | M] (Prassi Technology)
(RadProbe) Radeon Probe Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RadProbe.sys -> [2005/04/27 03:46:56 | 00,020,428 | --S- | M] (ChrisW)
(RivaTuner32) RivaTuner32 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\RivaTuner v2.06\RivaTuner32.sys -> [2007/10/30 11:05:00 | 00,009,088 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2008/07/29 13:10:26 | 00,717,296 | ---- | M] ()
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2007/12/14 17:22:38 | 00,102,664 | ---- | M] (Trend Micro Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.)
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vinyl97.sys -> [2005/11/25 14:39:06 | 00,203,776 | ---- | M] (VIA Technologies, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\hy5yc60n.default\prefs.js ->
browser.startup.homepage -> "www.google.com" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> chachaguidebar@chacha.com:1.2 ->
extensions.enabledItems -> iaplayer@instantaction.com:0.4.1.1 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.071101000055 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/10/24 00:12:04 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/04/01 02:48:02 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/30 19:42:31 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions -> [2008/06/17 12:13:00 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/06/17 12:13:00 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\hy5yc60n.default\extensions -> [2009/04/17 01:21:08 | 00,097,037 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\hy5yc60n.default\extensions\chachaguidebar@chacha.com -> [2009/04/17 01:21:08 | 00,097,037 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\hy5yc60n.default\extensions\iaplayer@instantaction.com -> [2009/04/17 01:21:08 | 00,097,037 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\hy5yc60n.default\extensions\moveplayer@movenetworks.com -> [2009/04/17 01:21:08 | 00,097,037 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\hy5yc60n.default\searchplugins\ ->
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\hy5yc60n.default\searchplugins -> [2008/07/29 13:13:10 | 00,000,000 | ---D | M]
daemon-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\hy5yc60n.default\searchplugins\daemon-search.xml -> [2008/07/29 13:13:10 | 00,000,523 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/03/30 19:42:30 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/03/30 19:42:30 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> [2009/03/30 19:42:30 | 09,732,600 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -> [2009/03/30 19:42:30 | 09,732,600 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\ ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/04/01 02:48:02 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/03/30 19:42:24 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/03/30 19:42:24 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/03/30 19:42:31 | 00,000,000 | ---D | M]
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2008/10/24 00:12:03 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2008/05/30 10:18:44 | 01,335,600 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2008/05/30 10:18:44 | 00,001,607 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2008/06/03 19:27:14 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/03/30 19:42:27 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/03/14 19:20:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/03/14 19:20:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/03/14 19:20:49 | 00,143,360 | ---- | M] (Apple Inc.)
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2008/05/30 10:19:04 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/03/14 19:20:46 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/08/06 15:33:20 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2008/11/14 01:11:13 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/09/29 17:00:16 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/09/29 17:00:16 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/09/29 17:00:16 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/11/14 01:11:10 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/09/29 17:00:16 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/09/29 17:00:16 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2008/09/29 17:00:16 | 00,000,792 | ---- | M] ()
< HOSTS File > (0 bytes and 0 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{D7BF4552-94F1-42BD-F434-3604812C856D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> %ProgramFiles%\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2008/07/17 04:27:22 | 00,691,656 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> %ProgramFiles%\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2008/07/17 04:27:22 | 00,691,656 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/02/09 14:18:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/02/09 14:18:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2009/02/09 14:18:00 | 01,657,376 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/07/24 08:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [255] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [177] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoFolderOptions" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3EA373DF-0D1B-41A5-AA75-8A7A7ADE5D99} -> (Wireless-B PCI Adapter) ->
{9C3AC731-4DD2-4D31-9442-E99F53284A98} -> (VIA Rhine II Fast Ethernet Adapter) ->
{D4E57646-A93B-4C90-B042-7ADDCFB8F87E} -> () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
btbpor.dll -> -> File not found
C:\WINDOWS\system32\navifaya.dll -> %SystemRoot%\system32\navifaya.dll -> File not found
hgdhpv.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{35B2861B-2B26-4691-9FF0-09083722C736}" [HKLM] -> %SystemRoot%\system32\RadExe.dll [RadExe Extension] -> [2005/04/28 00:30:04 | 00,188,416 | --S- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Diablo\diablo.exe" -> C:\Diablo\diablo.exe [C:\Diablo\diablo.exe:*:Enabled:Diablo] -> [2001/05/11 17:53:17 | 00,757,760 | ---- | M] (Blizzard Entertainment)
"C:\Documents and Settings\Owner\Desktop\yea\Spellborn_Downloader_1_0_0_4-en.exe" -> C:\Documents and Settings\Owner\Desktop\yea\Spellborn_Downloader_1_0_0_4-en.exe [C:\Documents and Settings\Owner\Desktop\yea\Spellborn_Downloader_1_0_0_4-en.exe:*:Enabled:Spellborn Downloader] -> File not found
"C:\Documents and Settings\Owner\Desktop\yea\tutu\MudMast\MudMast.exe" -> C:\Documents and Settings\Owner\Desktop\yea\tutu\MudMast\MudMast.exe [C:\Documents and Settings\Owner\Desktop\yea\tutu\MudMast\MudMast.exe:*:Enabled:MudMast] -> [2000/06/22 18:57:54 | 00,471,116 | ---- | M] ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" -> C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) ] -> [2008/01/23 15:57:46 | 03,325,952 | ---- | M] ()
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/03/06 13:50:59 | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" -> C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe [C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit] -> [2008/03/10 01:22:52 | 07,299,072 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" -> C:\Program Files\Autodesk\Backburner\manager.exe [C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager] -> [2008/02/20 15:26:00 | 00,532,480 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" -> C:\Program Files\Autodesk\Backburner\monitor.exe [C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor] -> [2008/02/20 15:26:00 | 00,425,984 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" -> C:\Program Files\Autodesk\Backburner\server.exe [C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server] -> [2008/02/20 15:26:00 | 00,110,592 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\FriendBlasterPro\FriendBlasterPro.exe" -> C:\Program Files\FriendBlasterPro\FriendBlasterPro.exe [C:\Program Files\FriendBlasterPro\FriendBlasterPro.exe:*:Enabled:FriendBlasterPro] -> [2008/12/31 09:31:38 | 01,986,560 | ---- | M] (AddNewFriends.com)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2008/11/24 06:16:44 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> [2008/11/24 06:16:44 | 00,579,072 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> [2008/11/24 06:16:45 | 00,510,976 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) "C:\Program Files\NCSoft\Dungeon Runners\DungeonRunners.exe" -> C:\Program Files\NCSoft\Dungeon Runners\DungeonRunners.exe [C:\Program Files\NCSoft\Dungeon Runners\DungeonRunners.exe:*:Enabled:DungeonRunners] -> File not found "C:\Program Files\NCSoft\Launcher\NCLauncher.exe" -> C:\Program Files\NCSoft\Launcher\NCLauncher.exe [C:\Program Files\NCSoft\Launcher\NCLauncher.exe:*:Enabled:PlayNC Launcher] -> [2008/08/30 22:22:24 | 00,038,128 | ---- | M] (NCsoft) "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" -> C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe [C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad] -> [2008/02/20 12:42:20 | 02,330,624 | ---- | M] () "C:\Program Files\Steam\steamapps\phone_tools\counter-strike\hl.exe" -> C:\Program Files\Steam\steamapps\phone_tools\counter-strike\hl.exe [C:\Program Files\Steam\steamapps\phone_tools\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> File not found "C:\Program Files\Steam\steamapps\phone_tools\half-life\hl.exe" -> C:\Program Files\Steam\steamapps\phone_tools\half-life\hl.exe [C:\Program Files\Steam\steamapps\phone_tools\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> File not found "C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe" -> C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe [C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe:*:Enabled:DarkCrusade] -> File not found "C:\Program Files\THQ\Dawn Of War\W40kWA.exe" -> C:\Program Files\THQ\Dawn Of War\W40kWA.exe [C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA] -> File not found "C:\Program Files\THQ\Titan Quest\Titan Quest.exe" -> C:\Program Files\THQ\Titan Quest\Titan Quest.exe [C:\Program Files\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest] -> File not found "C:\Program 
Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" -> C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe [C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient] -> File not found "C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" -> C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe [C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient] -> File not found "C:\Program Files\Turbine\The Lord of the Rings Online\TurbineLauncher.exe" -> C:\Program Files\Turbine\The Lord of the Rings Online\TurbineLauncher.exe [C:\Program Files\Turbine\The Lord of the Rings Online\TurbineLauncher.exe:*:Enabled:TurbineLauncher] -> File not found "C:\Program Files\uTorrent\utorrent.exe" -> C:\Program Files\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [2009/03/24 13:54:28 | 00,270,128 | ---- | M] (BitTorrent, Inc.) 
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2009/02/16 03:10:33 | 02,172,400 | ---- | M] (Blizzard Entertainment) "C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher] -> [2009/02/16 03:10:34 | 03,794,528 | ---- | M] (Blizzard Entertainment) "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2004/08/04 00:56:50 | 00,514,560 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2008/04/20 04:05:02 | 00,066,872 | ---- | M] () "C:\WINDOWS\system32\PnkBstrB.exe" -> C:\WINDOWS\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2008/11/19 13:48:49 | 00,111,928 | ---- | M] () "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2004/08/04 00:56:57 | 00,502,272 | ---- | M] (Microsoft 
Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2004/08/03 22:59:52 | 00,049,536 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/05/16 20:44:02 | 00,000,000 | ---- | M] () F:\Autorun.exe [MZ | ] -> F:\Autorun.exe [ UDF ] -> [2007/08/10 08:52:56 | 00,106,496 | RH-- | M] () F:\Autorun.inf [[autorun] | icon=Reason4DVD.ico | open=Autorun.exe | ] -> F:\Autorun.inf [ UDF ] -> [2007/08/08 01:11:43 | 00,000,050 | RH-- | M] () F:\autorun.ini [[oldinstallations] | WISE=2.0,{CE1B4A56-9F34-4E88-AD25-DA219320C68D} | WISE=2.0.1,{E52BFE61-E0FF-11D6-9D69-00065BABCB42} | WISE=2.5,{E52BFE61-E0FF-11D6-9D69-00065BABCB42} | WISE=2.5,{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42} | INNOSETUP=3.0,Reason_is1 | INNOSETUP=4.0,Reason_is1 | | [newinstallations] | INNOSETUP=4.0,Reason4_is1 | | [install] | Application = Reason | Title = Install Reason 4.0 | Installer = Install Reason.exe | ] -> F:\autorun.ini [ UDF ] -> [2007/08/10 09:24:29 | 00,000,414 | RH-- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\PDFShell.dll [PDF Shell Extension] -> [2007/05/10 23:54:08 | 00,372,736 | ---- | M] (Adobe Systems, Inc.) 
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> "aawservice" -> -> "Apple Mobile Device" -> -> "Ati HotKey Poller" -> -> "ATI Smart" -> -> "Avg7Alrt" -> -> "Avg7UpdSvc" -> -> "AVGEMS" -> -> "iPod Service" -> -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [2007/05/11 01:29:22 | 00,738,968 | ---- | M] (Adobe Systems Incorporated) C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2008/07/28 18:28:12 | 00,575,488 | ---- | M] (MagicISO, Inc.) C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk -> %ProgramFiles%\Xfire\Xfire.exe -> [2006/08/29 17:21:11 | 02,240,080 | ---- | M] (Xfire Inc.) 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 549250b8 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\tbnvlmgb.DLL -> File not found Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\AIM6\aim6.exe -> [2008/03/06 13:50:59 | 00,050,528 | ---- | M] (AOL LLC) AtiPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\atiptaxx.exe -> [2005/03/22 18:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) AVG7_CC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> [2008/11/24 06:16:44 | 00,579,072 | ---- | M] (GRISOFT, s.r.o.) ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ctfmon.exe -> [2004/08/04 00:56:48 | 00,015,360 | ---- | M] (Microsoft Corporation) DAEMON Tools Lite hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> [2008/07/24 08:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd) iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) 
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) MsnMsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\NvCpl.DLL -> [2009/02/09 14:18:00 | 13,680,640 | ---- | M] (NVIDIA Corporation) NvMediaCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\NvMcTray.DLL -> [2009/02/09 14:18:00 | 00,086,016 | ---- | M] (NVIDIA Corporation) nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\nwiz.exe -> [2009/02/09 14:18:00 | 01,657,376 | ---- | M] () PowerStrip hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\powerstrip\pstrip.exe -> [2007/07/14 02:35:26 | 00,730,360 | ---- | M] (EnTech Taiwan) QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\qttask.exe -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) Steam hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Steam\Steam.exe -> [2008/11/10 19:23:09 | 01,410,296 | ---- | M] (Valve Corporation) SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/10/24 00:12:03 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) 
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 2 -> "startup" -> 2 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/30 19:42:24 | 00,307,704 | ---- | M] (Mozilla Corporation) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> [] -> AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found Ias -> [] -> Iprip -> [] -> Irmon -> [] -> NWCWorkstation -> [] -> Nwsapagent -> [] -> Wmi -> [] -> WmdmPmSp -> [] -> helpsvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll] -> [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKLM] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value error.] 
-> [2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) msdaipp: [HKLM] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll[MSDAIPP.BINDER] -> [2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value error.] -> [2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/07 09:15:18 | 00,611,664 | ---- | M] (Lavasoft) Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> 
[2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group SCSI Class -> Driver Group sermouse.sys -> Driver System Bus Extender -> Driver Group vds -> Service vga.sys -> Driver < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/07 09:15:18 | 00,611,664 | ---- | M] (Lavasoft) Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) NDIS Wrapper -> Driver Group NetBIOSGroup -> Driver Group NetDDEGroup -> Driver Group Network -> Driver Group NetworkProvider -> Driver Group PCI Configuration -> Driver Group PNP Filter -> Driver Group PNP_TDI -> Driver Group Primary disk -> Driver Group rdpdd.sys -> 
%SystemRoot%\System32\rdpdd.dll -> [2004/08/04 01:01:07 | 00,092,168 | ---- | M] (Microsoft Corporation) SCSI Class -> Driver Group sermouse.sys -> Driver Streams Drivers -> Driver Group System Bus Extender -> Driver Group TDI -> Driver Group UploadMgr -> Service vga.sys -> Driver < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center \\"AntiVirusDisableNotify" -> [0] -> File not found \\"FirewallDisableNotify" -> [0] -> File not found \\"AntiVirusOverride" -> [0] -> File not found \\"FirewallOverride" -> [0] -> File not found \\"UpdatesDisableNotify" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile \\"EnableFirewall" -> [0] -> File not found \\"DoNotAllowExceptions" -> [0] -> File not found \\"DisableNotifications" -> [0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/12/12 12:11:44 | 00,147,456 | ---- | M] (Apple Inc.) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 4/20/2008 4:15:07 PM Computer Name = BEN | Source = Application Error | ID = 1000 -> Description = Faulting application iw3mp.exe, version 0.0.0.0, faulting module iw3mp.exe, version 0.0.0.0, fault address 0x00163d27. Application [ Error ] 4/29/2008 4:12:50 AM Computer Name = BEN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9d.ocx, version 9.0.47.0, fault address 0x00099a25. Application [ Error ] 5/4/2008 4:58:29 AM Computer Name = BEN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3199, fault address 0x0003a176. Application [ Error ] 5/4/2008 5:07:17 AM Computer Name = BEN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3199, fault address 0x0003a176. 
System [ Error ] 4/17/2009 3:42:16 AM Computer Name = BEN | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%31 System [ Error ] 4/17/2009 3:42:16 AM Computer Name = BEN | Source = Service Control Manager | ID = 7001 -> Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 System [ Error ] 4/17/2009 3:42:16 AM Computer Name = BEN | Source = Service Control Manager | ID = 7001 -> Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 System [ Error ] 4/17/2009 3:42:16 AM Computer Name = BEN | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 System [ Error ] 4/17/2009 3:42:16 AM Computer Name = BEN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD Avg7Core Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip System [ Error ] 4/17/2009 3:42:32 AM Computer Name = BEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} System [ Error ] 4/17/2009 3:42:48 AM Computer Name = BEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 4/17/2009 3:45:04 AM Computer Name = BEN | Source = Service Control Manager | ID = 7000 -> Description = The Viewpoint Manager Service service failed to start due to the following 
error: %%3 System [ Error ] 4/17/2009 3:59:33 AM Computer Name = BEN | Source = Service Control Manager | ID = 7000 -> Description = The Viewpoint Manager Service service failed to start due to the following error: %%3 System [ Error ] 4/17/2009 4:04:37 AM Computer Name = BEN | Source = Service Control Manager | ID = 7000 -> Description = The Viewpoint Manager Service service failed to start due to the following error: %%3 [Files/Folders - Created Within 90 Days] 16 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> kuyutawo -> %SystemRoot%\System32\kuyutawo -> [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/04/17 01:26:06 | 00,000,000 | ---D | C] GooredFixBackups -> %UserProfile%\Desktop\GooredFixBackups -> [2009/04/17 01:20:39 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/17 01:19:26 | 00,665,196 | ---- | C] () GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2009/04/17 01:17:00 | 00,094,208 | ---- | C] () SelfDel.bat -> %SystemRoot%\System32\SelfDel.bat -> [2009/04/17 00:28:56 | 00,000,155 | ---- | C] () setup.exe -> %UserProfile%\Desktop\setup.exe -> [2009/04/16 23:38:40 | 33,260,072 | ---- | C] (Microsoft Corporation) iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2009/04/15 23:24:01 | 00,001,804 | ---- | C] () iTunes -> %ProgramFiles%\iTunes -> [2009/04/15 23:23:25 | 00,000,000 | ---D | C] 327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [2009/04/15 22:22:57 | 00,000,000 | ---D | C] iTunes(2) -> %ProgramFiles%\iTunes(2) -> [2009/04/14 22:00:25 | 00,000,000 | ---D | C] {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> %AllUsersProfile%\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/14 22:00:25 | 00,000,000 | ---D | C] Eidos Interactive -> %ProgramFiles%\Eidos Interactive -> [2009/04/13 01:03:45 | 00,000,000 | ---D | C] lol -> 
%UserProfile%\Desktop\lol -> [2009/04/10 17:39:17 | 00,000,000 | ---D | C] 3dsmax -> %UserProfile%\My Documents\3dsmax -> [2009/04/10 17:33:55 | 00,000,000 | ---D | C] Autodesk -> %AppData%\Autodesk -> [2009/04/10 17:33:54 | 00,000,000 | ---D | C] Adlm -> %UserProfile%\My Documents\Adlm -> [2009/04/10 17:29:59 | 00,000,000 | R--D | C] Autodesk -> %UserProfile%\Local Settings\Application Data\Autodesk -> [2009/04/10 17:29:08 | 00,000,000 | ---D | C] Autodesk 3ds Max 2009 32-bit.lnk -> %AllUsersProfile%\Desktop\Autodesk 3ds Max 2009 32-bit.lnk -> [2009/04/10 17:22:53 | 00,001,741 | ---- | C] () Autodesk Shared -> %CommonProgramFiles%\Autodesk Shared -> [2009/04/10 17:19:42 | 00,000,000 | ---D | C] Autodesk -> %AllUsersProfile%\Application Data\Autodesk -> [2009/04/10 17:19:41 | 00,000,000 | ---D | C] Autodesk -> %ProgramFiles%\Autodesk -> [2009/04/10 17:17:59 | 00,000,000 | ---D | C] Novashell -> %ProgramFiles%\Novashell -> [2009/04/10 00:33:51 | 00,000,000 | ---D | C] dinksmallwood.ini -> %SystemRoot%\dinksmallwood.ini -> [2009/04/08 17:25:54 | 00,000,100 | ---- | C] () Dink Smallwood -> %ProgramFiles%\Dink Smallwood -> [2009/04/08 17:18:43 | 00,000,000 | ---D | C] {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> %AllUsersProfile%\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/14 19:24:23 | 00,000,000 | ---D | C] opus.wav -> %UserProfile%\My Documents\opus.wav -> [2009/03/11 01:33:47 | 05,851,408 | ---- | C] () opus.rps -> %UserProfile%\My Documents\opus.rps -> [2009/03/11 01:31:47 | 00,069,974 | ---- | C] () opus.rns -> %UserProfile%\My Documents\opus.rns -> [2009/03/11 01:30:42 | 00,110,904 | ---- | C] () hmm.rns -> %UserProfile%\My Documents\hmm.rns -> [2009/02/26 21:18:13 | 00,107,196 | ---- | C] () nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [2009/02/20 14:28:27 | 00,211,189 | ---- | C] () Spellborn Downloader -> %AppData%\Spellborn Downloader -> [2009/02/19 03:26:07 | 00,000,000 | ---D | C] Runes of Magic -> %UserProfile%\My Documents\Runes 
of Magic -> [2009/02/18 23:52:29 | 00,000,000 | ---D | C] CrashReport -> %SystemDrive%\CrashReport -> [2009/02/18 03:42:07 | 00,000,000 | ---D | C] Dungeon Siege -> %UserProfile%\My Documents\Dungeon Siege -> [2009/02/17 00:11:32 | 00,000,000 | ---D | C] .recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009/02/12 00:24:46 | 00,007,888 | ---- | C] () Firaxis Games -> %ProgramFiles%\Firaxis Games -> [2009/02/11 14:06:00 | 00,000,000 | ---D | C] GarageGames -> %AppData%\GarageGames -> [2009/02/10 02:23:32 | 00,000,000 | ---D | C] vandammedrums.rns -> %UserProfile%\My Documents\vandammedrums.rns -> [2009/01/31 02:07:36 | 00,105,222 | ---- | C] () Bonjour -> %ProgramFiles%\Bonjour -> [2009/01/22 20:40:02 | 00,000,000 | ---D | C] Setup-FinchNPCv3.exe -> %SystemDrive%\Setup-FinchNPCv3.exe -> [2009/01/20 04:08:56 | 00,495,616 | ---- | C] () Setup-FinchNPCv3.TP2 -> %SystemDrive%\Setup-FinchNPCv3.TP2 -> [2009/01/20 04:08:56 | 00,010,153 | ---- | C] () finch -> %SystemDrive%\finch -> [2009/01/20 04:08:55 | 00,000,000 | ---D | C] USBSTOR.SYS -> %SystemRoot%\System32\drivers\USBSTOR.SYS -> [2009/01/18 00:29:20 | 00,026,496 | ---- | C] (Microsoft Corporation) usbstor.sys -> %SystemRoot%\System32\dllcache\usbstor.sys -> [2009/01/18 00:29:20 | 00,026,496 | ---- | C] (Microsoft Corporation) mapleapi.dll -> %SystemRoot%\System32\mapleapi.dll -> [2008/12/21 16:54:52 | 00,049,152 | ---- | C] ( ) dlinfo_0.drv -> %SystemRoot%\dlinfo_0.drv -> [2008/10/17 21:59:22 | 00,066,936 | -HS- | C] () sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [2008/07/29 13:10:26 | 00,717,296 | ---- | C] () qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2008/05/30 10:22:22 | 03,596,288 | ---- | C] () dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [2008/05/30 10:18:56 | 00,000,416 | ---- | C] () dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [2008/05/30 10:18:56 | 00,000,416 | ---- | C] () DivXWMPExtType.dll -> 
%SystemRoot%\System32\DivXWMPExtType.dll -> [2008/05/30 10:18:00 | 00,012,288 | ---- | C] () PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [2008/04/20 03:35:02 | 00,136,888 | ---- | C] () game.ini -> %SystemRoot%\game.ini -> [2008/04/10 12:38:46 | 00,000,319 | ---- | C] () xlive.dll.cat -> %SystemRoot%\System32\xlive.dll.cat -> [2007/11/26 22:56:28 | 00,151,415 | ---- | C] () wininit.ini -> %SystemRoot%\wininit.ini -> [2007/11/04 04:55:03 | 00,000,060 | ---- | C] () nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [2007/10/04 18:14:00 | 01,724,416 | ---- | C] () nview.dll -> %SystemRoot%\System32\nview.dll -> [2007/10/04 18:14:00 | 01,507,328 | ---- | C] () nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [2007/10/04 18:14:00 | 01,101,824 | ---- | C] () nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [2007/10/04 18:14:00 | 00,466,944 | ---- | C] () nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll -> [2007/10/04 18:14:00 | 00,286,720 | ---- | C] () GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [2007/09/26 14:05:51 | 00,000,032 | ---- | C] () koaakoa.dll.bak -> %SystemRoot%\System32\koaakoa.dll.bak -> [2007/05/26 00:52:38 | 00,075,776 | ---- | C] () girjxmlx.sys -> %SystemRoot%\System32\drivers\girjxmlx.sys -> [2007/05/26 00:52:37 | 00,012,416 | ---- | C] () psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2007/05/17 21:52:30 | 00,363,520 | ---- | C] () atiicdxx.ini -> %SystemRoot%\System32\atiicdxx.ini -> [2005/05/01 18:08:02 | 00,000,011 | ---- | C] () RadType.dll -> %SystemRoot%\System32\RadType.dll -> [2005/04/28 00:31:40 | 00,159,813 | --S- | C] () RadRegs.dll -> %SystemRoot%\System32\RadRegs.dll -> [2005/04/28 00:30:34 | 00,065,536 | --S- | C] () RadExe.dll -> %SystemRoot%\System32\RadExe.dll -> [2005/04/28 00:30:04 | 00,188,416 | --S- | C] () RadClkR.dll -> %SystemRoot%\System32\RadClkR.dll -> [2005/04/28 00:29:02 | 00,249,856 | --S- | C] () RadMnu.dll -> %SystemRoot%\System32\RadMnu.dll -> [2005/04/28 00:28:38 | 
00,536,576 | --S- | C] () Rad.dll -> %SystemRoot%\System32\Rad.dll -> [2005/04/28 00:28:06 | 00,430,080 | --S- | C] () RadEnu.dll -> %SystemRoot%\System32\RadEnu.dll -> [2005/03/05 09:48:00 | 00,061,440 | --S- | C] () RadPlk.dll -> %SystemRoot%\System32\RadPlk.dll -> [2004/12/19 18:52:48 | 00,061,440 | --S- | C] () RadNlb.dll -> %SystemRoot%\System32\RadNlb.dll -> [2004/12/07 02:35:10 | 00,061,440 | --S- | C] () RadIta.dll -> %SystemRoot%\System32\RadIta.dll -> [2004/12/07 02:33:24 | 00,065,536 | --S- | C] () RadHun.dll -> %SystemRoot%\System32\RadHun.dll -> [2004/12/07 02:33:02 | 00,061,440 | --S- | C] () RadFra.dll -> %SystemRoot%\System32\RadFra.dll -> [2004/12/07 02:30:48 | 00,065,536 | --S- | C] () RadEsp.dll -> %SystemRoot%\System32\RadEsp.dll -> [2004/12/07 02:29:02 | 00,061,440 | --S- | C] () OEM.dll -> %SystemRoot%\System32\OEM.dll -> [2004/12/07 02:02:02 | 00,053,248 | --S- | C] () RadDeu.dll -> %SystemRoot%\System32\RadDeu.dll -> [2004/11/27 23:05:44 | 00,061,440 | --S- | C] () vuins32.dll -> %SystemRoot%\System32\vuins32.dll -> [2004/09/17 17:37:42 | 00,061,440 | ---- | C] () win.ini -> %SystemRoot%\win.ini -> [2001/08/18 05:00:00 | 00,000,533 | ---- | C] () system.ini -> %SystemRoot%\system.ini -> [2001/08/18 05:00:00 | 00,000,227 | ---- | C] () [Files/Folders - Modified Within 90 Days] 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 16 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> 106 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 106 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 104 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 104 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ntuser.dat -> 
%UserProfile%\ntuser.dat -> [2009/04/17 01:26:19 | 05,242,880 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/17 01:19:33 | 00,665,196 | ---- | M] () GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2009/04/17 01:17:01 | 00,094,208 | ---- | M] () nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/04/17 01:05:35 | 00,203,211 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/17 01:05:00 | 00,013,002 | ---- | M] () Perflib_Perfdata_7a0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7a0.dat -> [2009/04/17 01:04:37 | 00,016,384 | ---- | M] () pjxvtwsy.job -> %SystemRoot%\tasks\pjxvtwsy.job -> [2009/04/17 01:04:27 | 00,000,310 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/17 01:04:27 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/04/17 01:04:14 | 00,002,048 | --S- | M] () 441772692.exe -> %UserProfile%\Local Settings\Temp\441772692.exe -> [2009/04/17 00:57:13 | 00,022,017 | ---- | M] () 336303942.exe -> %UserProfile%\Local Settings\Temp\336303942.exe -> [2009/04/17 00:56:57 | 00,022,017 | ---- | M] () 3028738534.exe -> %SystemRoot%\Temp\3028738534.exe -> [2009/04/17 00:47:09 | 00,022,017 | ---- | M] () 2839363534.exe -> %SystemRoot%\Temp\2839363534.exe -> [2009/04/17 00:47:00 | 00,022,017 | ---- | M] () 2797332284.exe -> %SystemRoot%\Temp\2797332284.exe -> [2009/04/17 00:47:00 | 00,022,017 | ---- | M] () 2299832284.exe -> %SystemRoot%\Temp\2299832284.exe -> [2009/04/17 00:46:02 | 00,022,017 | ---- | M] () 2214832284.exe -> %SystemRoot%\Temp\2214832284.exe -> [2009/04/17 00:46:02 | 00,022,017 | ---- | M] () reqlqn30w4.exe -> %SystemRoot%\Temp\reqlqn30w4.exe -> [2009/04/17 00:45:43 | 00,015,001 | -H-- | M] () sjgh4kdg4rg4.exe -> %SystemRoot%\Temp\sjgh4kdg4rg4.exe -> [2009/04/17 00:45:34 | 00,015,000 | ---- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/17 00:42:49 | 00,000,178 | -HS- | M] () SelfDel.bat -> %SystemRoot%\System32\SelfDel.bat -> [2009/04/17 
00:28:56 | 00,000,155 | ---- | M] () tehofogi -> %SystemRoot%\System32\tehofogi -> [2009/04/17 00:12:21 | 00,001,744 | -H-- | M] () setup.exe -> %UserProfile%\Desktop\setup.exe -> [2009/04/16 23:47:12 | 33,260,072 | ---- | M] (Microsoft Corporation) Perflib_Perfdata_71c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_71c.dat -> [2009/04/16 21:28:01 | 00,016,384 | ---- | M] () iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2009/04/15 23:24:01 | 00,001,804 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2009/04/15 22:00:00 | 00,000,533 | ---- | M] () system.ini -> %SystemRoot%\system.ini -> [2009/04/15 22:00:00 | 00,000,227 | ---- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/04/13 02:55:00 | 05,829,810 | -H-- | M] () msxml6-KB927977-enu-x86.exe -> %UserProfile%\Local Settings\Temp\msxml6-KB927977-enu-x86.exe -> [2009/04/13 02:53:34 | 00,910,080 | ---- | M] (Microsoft Corporation) perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/13 02:45:59 | 00,460,998 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/13 02:45:59 | 00,079,766 | ---- | M] () Perflib_Perfdata_6ec.dat -> %SystemRoot%\Temp\Perflib_Perfdata_6ec.dat -> [2009/04/12 15:46:59 | 00,016,384 | ---- | M] () Perflib_Perfdata_6d4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_6d4.dat -> [2009/04/12 15:44:05 | 00,016,384 | ---- | M] () Autodesk 3ds Max 2009 32-bit.lnk -> %AllUsersProfile%\Desktop\Autodesk 3ds Max 2009 32-bit.lnk -> [2009/04/10 17:22:53 | 00,001,741 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/10 17:13:48 | 00,527,824 | ---- | M] () AcDeltree.exe -> %UserProfile%\Local Settings\Temp\AcDeltree.exe -> [2009/04/10 03:29:14 | 00,149,656 | ---- | M] (Autodesk, Inc.) 
dinksmallwood.ini -> %SystemRoot%\dinksmallwood.ini -> [2009/04/08 17:32:08 | 00,000,100 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/07 00:23:34 | 00,079,872 | ---- | M] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/04/02 19:27:07 | 00,049,152 | -HS- | M] () index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2009/04/02 19:27:07 | 00,016,384 | -HS- | M] () index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2009/04/02 19:27:07 | 00,016,384 | -HS- | M] () AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/04/02 19:27:07 | 00,000,284 | ---- | M] () Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [2009/03/28 14:04:00 | 00,000,270 | ---- | M] () opus.wav -> %UserProfile%\My Documents\opus.wav -> [2009/03/11 01:34:52 | 05,851,408 | ---- | M] () opus.rps -> %UserProfile%\My Documents\opus.rps -> [2009/03/11 01:31:49 | 00,069,974 | ---- | M] () opus.rns -> %UserProfile%\My Documents\opus.rns -> [2009/03/11 01:30:44 | 00,110,904 | ---- | M] () lolsong.rns -> %UserProfile%\My Documents\lolsong.rns -> [2009/02/27 19:33:09 | 00,517,156 | ---- | M] () hmm.rns -> %UserProfile%\My Documents\hmm.rns -> [2009/02/26 21:18:13 | 00,107,196 | ---- | M] () SystemRequirementsLabx.exe -> %UserProfile%\Local Settings\Temp\SystemRequirementsLabx.exe -> [2009/02/20 13:07:13 | 00,382,536 | ---- | M] () Perflib_Perfdata_60c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_60c.dat -> [2009/02/19 21:54:20 | 00,016,384 | ---- | M] () Launcher.exe -> %UserProfile%\Local Settings\Temp\Blizzard Launcher 
Temporary - 3e44f728\Launcher.exe -> [2009/02/16 03:09:35 | 03,798,624 | ---- | M] (Blizzard Entertainment) _Setup.dll -> %UserProfile%\Local Settings\Temp\isp489.tmp\_Setup.dll -> [2009/02/12 18:32:01 | 00,270,336 | ---- | M] (Macrovision Corporation) .recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009/02/12 00:24:46 | 00,007,888 | ---- | M] () nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [2009/02/09 14:18:00 | 01,724,416 | ---- | M] () nwiz.exe -> %SystemRoot%\System32\nwiz.exe -> [2009/02/09 14:18:00 | 01,657,376 | ---- | M] () nview.dll -> %SystemRoot%\System32\nview.dll -> [2009/02/09 14:18:00 | 01,507,328 | ---- | M] () nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe -> [2009/02/09 14:18:00 | 01,346,080 | ---- | M] () nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [2009/02/09 14:18:00 | 01,101,824 | ---- | M] () nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [2009/02/09 14:18:00 | 00,466,944 | ---- | M] () nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe -> [2009/02/09 14:18:00 | 00,449,056 | ---- | M] () keystone.exe -> %SystemRoot%\System32\keystone.exe -> [2009/02/09 14:18:00 | 00,436,768 | ---- | M] () nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [2009/02/09 14:18:00 | 00,211,189 | ---- | M] () nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl -> [2009/02/09 14:18:00 | 00,073,728 | ---- | M] () nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [2009/02/09 14:18:00 | 00,018,795 | ---- | M] () drm_dialogs.dll -> %UserProfile%\Local Settings\Temp\drm_dialogs.dll -> [2009/02/06 05:31:48 | 00,065,536 | ---- | M] (Sony DADC Austria AG) drm_dyndata_7380006.dll -> %UserProfile%\Local Settings\Temp\drm_dyndata_7380006.dll -> [2009/02/06 05:31:42 | 00,204,800 | ---- | M] (Sony DADC Austria AG) CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> [2009/02/06 05:31:41 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) 
vandammedrums.rns -> %UserProfile%\My Documents\vandammedrums.rns -> [2009/01/31 02:07:37 | 00,105,222 | ---- | M] () _Setup.dll -> %UserProfile%\Local Settings\Temp\isp268.tmp\_Setup.dll -> [2009/01/27 23:13:28 | 00,368,640 | ---- | M] (Macrovision Corporation) SIntfNT.dll -> %UserProfile%\Local Settings\Temp\SIntfNT.dll -> [2009/01/27 02:58:35 | 00,024,748 | ---- | M] () SIntf32.dll -> %UserProfile%\Local Settings\Temp\SIntf32.dll -> [2009/01/27 02:58:35 | 00,020,020 | ---- | M] () SIntf16.dll -> %UserProfile%\Local Settings\Temp\SIntf16.dll -> [2009/01/27 02:58:35 | 00,012,305 | ---- | M] () Perflib_Perfdata_430.dat -> %SystemRoot%\Temp\Perflib_Perfdata_430.dat -> [2008/12/31 17:13:51 | 00,016,384 | ---- | M] () tmp379.exe -> %SystemRoot%\Temp\tmp379.exe -> [2008/12/30 20:00:02 | 00,000,000 | ---- | M] () tmpF.exe -> %SystemRoot%\Temp\tmpF.exe -> [2008/12/29 19:00:06 | 00,000,000 | ---- | M] () Perflib_Perfdata_5f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5f0.dat -> [2008/12/29 12:47:51 | 00,016,384 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/20 18:54:09 | 00,004,232 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/17 19:45:16 | 00,004,617 | ---- | M] () Perflib_Perfdata_2b8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2b8.dat -> [2008/11/24 06:42:23 | 00,016,384 | ---- | M] () Perflib_Perfdata_5dc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5dc.dat -> [2008/11/10 12:49:08 | 00,016,384 | ---- | M] () _Setup.dll -> %UserProfile%\Local Settings\Temp\isp5.tmp\_Setup.dll -> [2008/11/05 13:44:46 | 00,147,456 | ---- | M] (Macrovision Corporation) plugin-eBayISAPI.dll -> %UserProfile%\Local Settings\Temp\plugtmp-74\plugin-eBayISAPI.dll -> [2008/10/27 16:36:07 | 00,022,462 | ---- | M] () Perflib_Perfdata_4f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4f0.dat -> [2008/10/06 00:42:05 | 00,016,384 | ---- | M] () vcredist_x86.exe -> 
%UserProfile%\Local Settings\Temp\G4WL\vcredist_x86.exe -> [2008/09/04 07:04:26 | 02,723,264 | R--- | M] (Microsoft Corporation) dotnetfx3_x64.exe -> %UserProfile%\Local Settings\Temp\G4WL\dotnetfx3_x64.exe -> [2008/08/21 09:13:06 | 94,482,712 | R--- | M] (Microsoft Corporation) dotnetfx3.exe -> %UserProfile%\Local Settings\Temp\G4WL\dotnetfx3.exe -> [2008/08/21 09:12:56 | 52,770,576 | R--- | M] (Microsoft Corporation) msiexec.exe -> %UserProfile%\Local Settings\Temp\G4WL\msiexec.exe -> [2008/08/15 11:30:58 | 00,078,848 | R--- | M] (Microsoft Corporation) DXSETUP.exe -> %UserProfile%\Local Settings\Temp\DXREDIST\DXSETUP.exe -> [2008/08/15 11:30:54 | 00,528,392 | R--- | M] (Microsoft Corporation) dsetup32.dll -> %UserProfile%\Local Settings\Temp\DXREDIST\dsetup32.dll -> [2008/08/15 11:30:53 | 01,694,728 | R--- | M] (Microsoft Corporation) DSETUP.dll -> %UserProfile%\Local Settings\Temp\DXREDIST\DSETUP.dll -> [2008/08/15 11:30:53 | 00,097,288 | R--- | M] (Microsoft Corporation) hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/04/15 01:45:51 | 00,002,334 | ---- | M] () vmpremov.exe -> %UserProfile%\Local Settings\Temp\vmpremov.exe -> [2008/02/06 17:57:07 | 00,114,688 | ---- | M] (Viewpoint Corporation) pae_asio_x64.dll -> %UserProfile%\Local Settings\Temp\TK421\pae_asio_x64.dll -> [2007/10/09 18:16:00 | 00,178,736 | ---- | M] (BridgeCo AG) pae_asio.dll -> %UserProfile%\Local Settings\Temp\TK421\pae_asio.dll -> [2007/10/09 18:15:58 | 00,145,968 | ---- | M] (BridgeCo AG) PaeFwUpgrade.exe -> %UserProfile%\Local Settings\Temp\TK421\PaeFwUpgrade.exe -> [2007/10/09 13:39:18 | 00,606,208 | ---- | M] (BridgeCo AG) PaeFwUpgrade_x64.exe -> %UserProfile%\Local Settings\Temp\TK421\PaeFwUpgrade_x64.exe -> [2007/10/09 13:29:50 | 00,990,208 | ---- | M] (BridgeCo AG) dsetup32.dll -> %UserProfile%\Local Settings\Temp\dsetup32.dll -> [2007/09/18 15:58:56 | 01,673,576 | ---- | M] (Microsoft Corporation) DXSETUP.exe -> %UserProfile%\Local 
Settings\Temp\DXSETUP.exe -> [2007/09/18 15:58:56 | 00,503,144 | ---- | M] (Microsoft Corporation) DSETUP.dll -> %UserProfile%\Local Settings\Temp\DSETUP.dll -> [2007/09/18 15:58:56 | 00,077,160 | ---- | M] (Microsoft Corporation) bco_fwdl_x64.dll -> %UserProfile%\Local Settings\Temp\TK421\bco_fwdl_x64.dll -> [2007/06/05 10:09:04 | 00,238,592 | ---- | M] (BridgeCo AG) bco_fwdl.dll -> %UserProfile%\Local Settings\Temp\TK421\bco_fwdl.dll -> [2007/06/05 10:08:28 | 00,188,416 | ---- | M] (BridgeCo AG) pae_coinst_Inspire1394_x64.dll -> %UserProfile%\Local Settings\Temp\TK421\pae_coinst_Inspire1394_x64.dll -> [2007/01/29 16:58:56 | 00,156,160 | ---- | M] (Thesycon GmbH) pae_coinst_Inspire1394.dll -> %UserProfile%\Local Settings\Temp\TK421\pae_coinst_Inspire1394.dll -> [2007/01/29 16:58:36 | 00,103,936 | ---- | M] (Thesycon GmbH) WMPAU.exe -> %UserProfile%\Local Settings\Temp\WMC0000.tmp\WMPAU.exe -> [2006/11/01 18:31:38 | 01,669,120 | ---- | M] (Microsoft Corporation) iNSPiRE_1394.exe -> %UserProfile%\Local Settings\Temp\TK421\iNSPiRE_1394.exe -> [2005/10/07 15:58:32 | 01,134,592 | ---- | M] () setup_wm.exe -> %UserProfile%\Local Settings\Temp\setup_wm.exe -> [2004/08/04 00:56:56 | 00,774,144 | ---- | M] (Microsoft Corporation) [File - Lop Check] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/04/14 22:00:25 | 00,000,000 | RH-D | M] {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/14 19:25:05 | 00,000,000 | ---D | M] {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/14 22:00:50 | 00,000,000 | ---D | M] Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2009/04/10 17:33:54 | 00,000,000 | ---D | M] avg7 -> C:\Documents and Settings\All Users\Application Data\avg7 -> [2008/11/24 06:19:51 | 00,000,000 | ---D | M] Blizzard -> 
C:\Documents and Settings\All Users\Application Data\Blizzard -> [2008/11/10 21:10:27 | 00,000,000 | ---D | M] esClient -> C:\Documents and Settings\All Users\Application Data\esClient -> [2008/06/08 15:37:34 | 00,000,000 | -H-D | M] Fallout3 -> C:\Documents and Settings\All Users\Application Data\Fallout3 -> [2008/11/05 13:59:51 | 00,000,000 | ---D | M] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2008/06/17 18:53:28 | 00,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2007/10/28 19:12:46 | 00,000,000 | ---D | M] Propellerhead Software -> C:\Documents and Settings\All Users\Application Data\Propellerhead Software -> [2008/12/21 15:57:28 | 00,000,000 | ---D | M] Sony -> C:\Documents and Settings\All Users\Application Data\Sony -> [2007/09/30 19:45:33 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2008/11/24 14:02:08 | 00,000,000 | ---D | M] WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent -> [2008/10/31 19:26:25 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Owner\Application Data -> [2009/04/10 17:33:54 | 00,000,000 | -H-D | M] acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2009/01/11 03:13:18 | 00,000,000 | ---D | M] Autodesk -> C:\Documents and Settings\Owner\Application Data\Autodesk -> [2009/04/10 17:41:20 | 00,000,000 | ---D | M] AVG7 -> C:\Documents and Settings\Owner\Application Data\AVG7 -> [2009/04/14 02:18:43 | 00,000,000 | ---D | M] DAEMON Tools -> C:\Documents and Settings\Owner\Application Data\DAEMON Tools -> [2009/01/11 03:13:18 | 00,000,000 | ---D | M] GarageGames -> C:\Documents and Settings\Owner\Application Data\GarageGames -> [2009/02/10 02:23:32 | 00,000,000 | ---D | M] GetRightToGo -> C:\Documents and Settings\Owner\Application Data\GetRightToGo -> [2008/10/19 00:57:53 | 00,000,000 | ---D | M] gtk-2.0 -> 
C:\Documents and Settings\Owner\Application Data\gtk-2.0 -> [2008/10/09 16:32:07 | 00,000,000 | ---D | M] ijjigame -> C:\Documents and Settings\Owner\Application Data\ijjigame -> [2008/03/23 17:54:45 | 00,000,000 | -H-D | M] Leadertech -> C:\Documents and Settings\Owner\Application Data\Leadertech -> [2007/09/29 15:17:21 | 00,000,000 | ---D | M] LimeWire -> C:\Documents and Settings\Owner\Application Data\LimeWire -> [2008/04/25 16:08:12 | 00,000,000 | ---D | M] Move Networks -> C:\Documents and Settings\Owner\Application Data\Move Networks -> [2009/03/11 17:07:26 | 00,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\Owner\Application Data\NCH Swift Sound -> [2007/10/28 19:11:58 | 00,000,000 | ---D | M] NetMedia Providers -> C:\Documents and Settings\Owner\Application Data\NetMedia Providers -> [2007/09/16 22:38:07 | 00,000,000 | ---D | M] Propellerhead Software -> C:\Documents and Settings\Owner\Application Data\Propellerhead Software -> [2008/12/21 16:00:35 | 00,000,000 | ---D | M] Publish Providers -> C:\Documents and Settings\Owner\Application Data\Publish Providers -> [2007/09/16 22:38:06 | 00,000,000 | ---D | M] Sony -> C:\Documents and Settings\Owner\Application Data\Sony -> [2007/09/30 20:12:59 | 00,000,000 | ---D | M] Spellborn Downloader -> C:\Documents and Settings\Owner\Application Data\Spellborn Downloader -> [2009/02/19 03:26:07 | 00,000,000 | ---D | M] SPORE Creature Creator -> C:\Documents and Settings\Owner\Application Data\SPORE Creature Creator -> [2008/10/07 17:08:27 | 00,000,000 | ---D | M] SystemRequirementsLab -> C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab -> [2009/02/20 13:07:07 | 00,000,000 | ---D | M] Turbine -> C:\Documents and Settings\Owner\Application Data\Turbine -> [2008/01/29 20:10:38 | 00,000,000 | ---D | M] Uniblue -> C:\Documents and Settings\Owner\Application Data\Uniblue -> [2007/11/04 15:06:01 | 00,000,000 | ---D | M] uTorrent -> C:\Documents and Settings\Owner\Application 
Data\uTorrent -> [2009/04/17 00:24:03 | 00,000,000 | ---D | M] Ventrilo -> C:\Documents and Settings\Owner\Application Data\Ventrilo -> [2007/07/03 14:54:15 | 00,000,000 | ---D | M] Xfire -> C:\Documents and Settings\Owner\Application Data\Xfire -> [2007/09/30 09:32:58 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/01/19 13:09:37 | 00,000,000 | --SD | M] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2009/04/02 19:27:07 | 00,000,284 | ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2001/08/18 05:00:00 | 00,000,065 | RH-- | M] () pjxvtwsy.job -> C:\WINDOWS\Tasks\pjxvtwsy.job -> [2009/04/17 01:04:27 | 00,000,310 | ---- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/04/17 01:04:27 | 00,000,006 | -H-- | M] () Uniblue SpeedUpMyPC Nag.job -> C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job -> [2009/03/28 14:04:00 | 00,000,270 | ---- | M] () Uniblue SpeedUpMyPC.job -> C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job -> [2007/11/04 15:04:53 | 00,000,392 | ---- | M] () [File - Purity Scan] [File - Signature Check] < Cached Copy > -> < OS Copy > -> < MD5's > C:\WINDOWS\system32\dllcache\explorer.exe [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> Cached Copy = 97BD6515465659FF8F3B7BE375B2EA87 \ OS Copy = 97BD6515465659FF8F3B7BE375B2EA87 C:\WINDOWS\servicepackfiles\i386\csrss.exe [2004/08/04 00:56:48 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2004/08/04 00:56:48 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = F12B178B1678D778CFD3FF1FC38C71FB \ OS Copy = F12B178B1678D778CFD3FF1FC38C71FB C:\WINDOWS\servicepackfiles\i386\lsass.exe [2004/08/04 00:56:50 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2004/08/04 00:56:50 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = 
84885F9B82F4D55C6146EBF6065D75D2 \ OS Copy = 84885F9B82F4D55C6146EBF6065D75D2 C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2004/08/04 00:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2004/08/04 00:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA285490BBD8A1D0CE6623577D5BA1FF \ OS Copy = DA285490BBD8A1D0CE6623577D5BA1FF C:\WINDOWS\servicepackfiles\i386\services.exe [2004/08/04 00:56:55 | 00,108,032 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2004/08/04 00:56:55 | 00,108,032 | ---- | M] (Microsoft Corporation) -> Cached Copy = C6CE6EEC82F187615D1002BB3BB50ED4 \ OS Copy = C6CE6EEC82F187615D1002BB3BB50ED4 C:\WINDOWS\servicepackfiles\i386\smss.exe [2004/08/04 00:56:56 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2004/08/04 00:56:56 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = BD7FB0957C716F1A60333AEE04DE2178 \ OS Copy = BD7FB0957C716F1A60333AEE04DE2178 C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2004/08/04 00:56:57 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2005/06/10 16:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = 7435B108B935E42EA92CA94F59C8E717 \ OS Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F C:\WINDOWS\servicepackfiles\i386\svchost.exe [2004/08/04 00:56:57 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2004/08/04 00:56:57 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 8F078AE4ED187AAABC0A305146DE6716 \ OS Copy = 8F078AE4ED187AAABC0A305146DE6716 C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2004/08/04 00:56:57 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2004/08/04 00:56:57 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = FC160ACE21C81837692B339D230DD4BE \ OS Copy = FC160ACE21C81837692B339D230DD4BE 
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2004/08/04 00:56:57 | 00,024,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2004/08/04 00:56:57 | 00,024,576 | ---- | M] (Microsoft Corporation) -> Cached Copy = 39B1FFB03C2296323832ACBAE50D2AFF \ OS Copy = 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2004/08/04 00:56:57 | 00,502,272 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2004/08/04 00:56:57 | 00,502,272 | ---- | M] (Microsoft Corporation) -> Cached Copy = 01C3346C241652F43AED8E2149881BFE \ OS Copy = 01C3346C241652F43AED8E2149881BFE

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
C:\WINDOWS\system32\.54925017\54925017.exe [1684]
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Owner\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
< Document and Settings folder & sub folders >
detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden files ...
disk error: C:\Documents and Settings\ please note that you need administrator rights to perform deep scan [Custom Scans] < %systemroot%\Prefetch\*.* /s > C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2009/04/10 17:24:45 | 00,000,000 | ---D | M] ACRORD32.EXE-356875A2.pf -> C:\WINDOWS\Prefetch\ACRORD32.EXE-356875A2.pf -> [2009/04/17 01:07:27 | 00,066,676 | ---- | M] () ADOBEUPDATER.EXE-1AB51BCE.pf -> C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-1AB51BCE.pf -> [2009/04/11 16:20:24 | 00,037,980 | ---- | M] () ADSKSCSRV.EXE-23DBE517.pf -> C:\WINDOWS\Prefetch\ADSKSCSRV.EXE-23DBE517.pf -> [2009/04/10 17:24:45 | 00,005,956 | ---- | M] () APPLEMOBILEDEVICESERVICE.EXE-2BCF7F43.pf -> C:\WINDOWS\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-2BCF7F43.pf -> [2009/04/15 23:19:31 | 00,013,328 | ---- | M] () ASPNET_REGIIS.EXE-009D6E80.pf -> C:\WINDOWS\Prefetch\ASPNET_REGIIS.EXE-009D6E80.pf -> [2009/04/10 17:13:45 | 00,020,948 | ---- | M] () BACKGROUNDDOWNLOADER.EXE-3ADAB8A9.pf -> C:\WINDOWS\Prefetch\BACKGROUNDDOWNLOADER.EXE-3ADAB8A9.pf -> [2009/03/28 03:25:42 | 00,033,392 | ---- | M] () BGMAIN.EXE-2B772370.pf -> C:\WINDOWS\Prefetch\BGMAIN.EXE-2B772370.pf -> [2009/03/24 19:18:51 | 00,059,752 | ---- | M] () CALC.EXE-02CD573A.pf -> C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf -> [2009/04/14 00:43:10 | 00,015,556 | ---- | M] () CMD.EXE-087B4001.pf -> C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -> [2009/04/17 01:20:49 | 00,013,790 | ---- | M] () CONTROL.EXE-013DBFB5.pf -> C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf -> [2009/04/16 17:39:40 | 00,020,880 | ---- | M] () CRASHREPORTER.EXE-29951F6F.pf -> C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-29951F6F.pf -> [2009/04/15 22:33:41 | 00,024,510 | ---- | M] () DEFRAG.EXE-273F131E.pf -> C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -> [2009/04/16 22:06:46 | 00,018,488 | ---- | M] () DFARC.EXE-0F073F72.pf -> C:\WINDOWS\Prefetch\DFARC.EXE-0F073F72.pf -> [2009/04/08 17:24:42 | 00,016,362 | ---- | M] () DFRGNTFS.EXE-269967DF.pf -> C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf 
-> [2009/04/16 22:06:47 | 00,071,384 | ---- | M] () DIFXINSTALL32.EXE-08998340.pf -> C:\WINDOWS\Prefetch\DIFXINSTALL32.EXE-08998340.pf -> [2009/04/15 23:22:55 | 00,064,070 | ---- | M] () DIFXINSTALL32.EXE-294CD244.pf -> C:\WINDOWS\Prefetch\DIFXINSTALL32.EXE-294CD244.pf -> [2009/03/14 19:23:23 | 00,012,776 | ---- | M] () DINK.EXE-2F6E3B91.pf -> C:\WINDOWS\Prefetch\DINK.EXE-2F6E3B91.pf -> [2009/04/08 17:25:59 | 00,037,220 | ---- | M] () DINKSMALLWOOD108.EXE-209B79D7.pf -> C:\WINDOWS\Prefetch\DINKSMALLWOOD108.EXE-209B79D7.pf -> [2009/04/08 17:18:37 | 00,052,802 | ---- | M] () DIVX PLAYER.EXE-2B5FB89F.pf -> C:\WINDOWS\Prefetch\DIVX PLAYER.EXE-2B5FB89F.pf -> [2009/04/07 01:31:39 | 00,066,290 | ---- | M] () DIVXCODECVERSIONCHECKER.EXE-06B73480.pf -> C:\WINDOWS\Prefetch\DIVXCODECVERSIONCHECKER.EXE-06B73480.pf -> [2009/03/28 03:50:27 | 00,012,408 | ---- | M] () DIVXSM.EXE-3407AB62.pf -> C:\WINDOWS\Prefetch\DIVXSM.EXE-3407AB62.pf -> [2009/03/28 03:50:27 | 00,022,856 | ---- | M] () DIVXVERSIONCHECKER.EXE-32FA8590.pf -> C:\WINDOWS\Prefetch\DIVXVERSIONCHECKER.EXE-32FA8590.pf -> [2009/04/07 01:30:56 | 00,008,946 | ---- | M] () DLLHOST.EXE-205D880D.pf -> C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -> [2009/04/15 22:53:32 | 00,022,658 | ---- | M] () DRWTSN32.EXE-2B4B52AC.pf -> C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf -> [2009/04/15 21:49:14 | 00,020,116 | ---- | M] () DUMPREP.EXE-1B46F901.pf -> C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -> [2009/04/15 13:48:20 | 00,077,112 | ---- | M] () DWWIN.EXE-30875ADC.pf -> C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf -> [2009/04/15 21:33:54 | 00,159,114 | ---- | M] () DXDLLREG.EXE-2F833AED.pf -> C:\WINDOWS\Prefetch\DXDLLREG.EXE-2F833AED.pf -> [2009/04/10 17:17:25 | 00,006,656 | ---- | M] () DXSETUP.EXE-05389B88.pf -> C:\WINDOWS\Prefetch\DXSETUP.EXE-05389B88.pf -> [2009/04/10 17:17:20 | 00,015,556 | ---- | M] () FALLOUT3.EXE-2007B925.pf -> C:\WINDOWS\Prefetch\FALLOUT3.EXE-2007B925.pf -> [2009/03/16 16:20:20 | 00,057,310 | ---- | M] () 
FIREFOX.EXE-28641590.pf -> C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -> [2009/04/17 01:21:10 | 00,094,482 | ---- | M] () GAME.EXE-04FE3F11.pf -> C:\WINDOWS\Prefetch\GAME.EXE-04FE3F11.pf -> [2009/04/10 00:39:02 | 00,054,296 | ---- | M] () HELPER.EXE-0415776D.pf -> C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf -> [2009/03/30 19:42:35 | 00,020,180 | ---- | M] () HELPSVC.EXE-2878DDA2.pf -> C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -> [2009/04/17 01:02:19 | 00,077,608 | ---- | M] () IEXPLORE.EXE-27122324.pf -> C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf -> [2009/04/17 00:57:13 | 00,078,556 | ---- | M] () IMAPI.EXE-0BF740A4.pf -> C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -> [2009/04/17 00:30:30 | 00,018,624 | ---- | M] () IPODSERVICE.EXE-3192DE38.pf -> C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf -> [2009/04/15 23:24:44 | 00,016,062 | ---- | M] () ITUNES.EXE-1A268432.pf -> C:\WINDOWS\Prefetch\ITUNES.EXE-1A268432.pf -> [2009/04/17 00:22:18 | 00,111,350 | ---- | M] () ITUNESHELPER.EXE-15823303.pf -> C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-15823303.pf -> [2009/04/15 23:25:07 | 00,014,444 | ---- | M] () ITUNESPHOTOPROCESSOR.EXE-24970A75.pf -> C:\WINDOWS\Prefetch\ITUNESPHOTOPROCESSOR.EXE-24970A75.pf -> [2009/04/15 23:24:33 | 00,015,482 | ---- | M] () JAVA.EXE-0C263507.pf -> C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf -> [2009/04/16 23:45:31 | 00,076,542 | ---- | M] () JQSNOTIFY.EXE-24AE4A36.pf -> C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-24AE4A36.pf -> [2009/04/17 01:21:10 | 00,008,344 | ---- | M] () LAUNCHER.EXE-32675156.pf -> C:\WINDOWS\Prefetch\LAUNCHER.EXE-32675156.pf -> [2009/04/07 15:43:36 | 00,079,952 | ---- | M] () Layout.ini -> C:\WINDOWS\Prefetch\Layout.ini -> [2009/04/16 22:06:36 | 00,636,758 | ---- | M] () LODCTR.EXE-1009C3B4.pf -> C:\WINDOWS\Prefetch\LODCTR.EXE-1009C3B4.pf -> [2009/04/10 17:16:43 | 00,020,550 | ---- | M] () LOGON.SCR-151EFAEA.pf -> C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf -> [2009/04/16 23:02:02 | 00,006,896 | ---- | M] () LOGONUI.EXE-0AF22957.pf -> 
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -> [2009/04/17 01:02:40 | 00,033,492 | ---- | M] () MBAM-DOR.EXE-203884D2.pf -> C:\WINDOWS\Prefetch\MBAM-DOR.EXE-203884D2.pf -> [2009/04/17 00:57:22 | 00,015,520 | ---- | M] () MBAM-SETUP.EXE-07BB094E.pf -> C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-07BB094E.pf -> [2009/04/12 15:51:33 | 00,016,544 | ---- | M] () MBAM.EXE-0BEE0439.pf -> C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf -> [2009/04/17 00:47:05 | 00,054,462 | ---- | M] () MBAMGUI.EXE-1286D63B.pf -> C:\WINDOWS\Prefetch\MBAMGUI.EXE-1286D63B.pf -> [2009/04/12 15:51:32 | 00,008,308 | ---- | M] () MOFCOMP.EXE-01718E95.pf -> C:\WINDOWS\Prefetch\MOFCOMP.EXE-01718E95.pf -> [2009/04/10 17:13:43 | 00,021,430 | ---- | M] () MORROWIND LAUNCHER.EXE-19E626FD.pf -> C:\WINDOWS\Prefetch\MORROWIND LAUNCHER.EXE-19E626FD.pf -> [2009/03/15 18:06:56 | 00,046,480 | ---- | M] () MORROWIND.EXE-0B7913E7.pf -> C:\WINDOWS\Prefetch\MORROWIND.EXE-0B7913E7.pf -> [2009/02/27 13:19:28 | 00,070,940 | ---- | M] () MOUSEKEYBOARD.EXE-2B54BCF5.pf -> C:\WINDOWS\Prefetch\MOUSEKEYBOARD.EXE-2B54BCF5.pf -> [2009/04/03 01:19:57 | 00,020,696 | ---- | M] () MSCONFIG.EXE-35E4DAE9.pf -> C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf -> [2009/04/17 00:18:32 | 00,045,222 | ---- | M] () MSCORSVW.EXE-1BF30400.pf -> C:\WINDOWS\Prefetch\MSCORSVW.EXE-1BF30400.pf -> [2009/04/10 21:12:58 | 00,091,774 | ---- | M] () MSIEXEC.EXE-2F8A8CAE.pf -> C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -> [2009/04/15 23:24:10 | 00,144,346 | ---- | M] () MSIMN.EXE-38BA891D.pf -> C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf -> [2009/04/12 22:31:21 | 00,061,966 | ---- | M] () NETFX20SP1_X86.EXE-296E4E04.pf -> C:\WINDOWS\Prefetch\NETFX20SP1_X86.EXE-296E4E04.pf -> [2009/04/10 17:08:28 | 00,068,108 | ---- | M] () NGEN.EXE-38021CCC.pf -> C:\WINDOWS\Prefetch\NGEN.EXE-38021CCC.pf -> [2009/04/10 17:16:02 | 00,009,760 | ---- | M] () NOTEPAD.EXE-336351A9.pf -> C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -> [2009/04/17 01:20:50 | 00,021,824 | ---- | M] () 
NOVASHELLINSTALLER.EXE-24B908C8.pf -> C:\WINDOWS\Prefetch\NOVASHELLINSTALLER.EXE-24B908C8.pf -> [2009/04/10 00:33:42 | 00,053,188 | ---- | M] () NTOSBOOT-B00DFAAD.pf -> C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -> [2009/04/17 01:06:30 | 00,979,076 | ---- | M] () POCKETTANKS.EXE-3AD95CE9.pf -> C:\WINDOWS\Prefetch\POCKETTANKS.EXE-3AD95CE9.pf -> [2009/03/26 22:33:11 | 00,057,662 | ---- | M] () PTLOADER.EXE-35D163BC.pf -> C:\WINDOWS\Prefetch\PTLOADER.EXE-35D163BC.pf -> [2009/03/26 22:33:06 | 00,023,764 | ---- | M] () QTTASK.EXE-342507FB.pf -> C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf -> [2009/04/15 23:21:10 | 00,008,916 | ---- | M] () RAYSAT_3DSMAX2009_32SERVER.EX-036DFC37.pf -> C:\WINDOWS\Prefetch\RAYSAT_3DSMAX2009_32SERVER.EX-036DFC37.pf -> [2009/04/10 17:24:33 | 00,010,722 | ---- | M] () REASON.EXE-0D50A396.pf -> C:\WINDOWS\Prefetch\REASON.EXE-0D50A396.pf -> [2009/04/03 01:19:29 | 00,098,956 | ---- | M] () REG32.EXE-3849ED3B.pf -> C:\WINDOWS\Prefetch\REG32.EXE-3849ED3B.pf -> [2009/02/27 01:01:37 | 00,016,920 | ---- | M] () REGEDIT.EXE-1B606482.pf -> C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -> [2009/04/17 00:57:08 | 00,017,510 | ---- | M] () REGSVCS.EXE-11A17120.pf -> C:\WINDOWS\Prefetch\REGSVCS.EXE-11A17120.pf -> [2009/04/10 17:14:00 | 00,027,982 | ---- | M] () REGSVR32.EXE-25EEFE2F.pf -> C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -> [2009/04/12 15:51:37 | 00,016,424 | ---- | M] () REGTLIBV12.EXE-0E2FA54B.pf -> C:\WINDOWS\Prefetch\REGTLIBV12.EXE-0E2FA54B.pf -> [2009/04/10 17:12:12 | 00,010,472 | ---- | M] () RUNDLL32.EXE-11D1E3B8.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-11D1E3B8.pf -> [2009/04/08 23:16:13 | 00,015,082 | ---- | M] () RUNDLL32.EXE-12E27DD0.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf -> [2009/04/15 02:09:32 | 00,035,378 | ---- | M] () RUNDLL32.EXE-16EAAF1D.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-16EAAF1D.pf -> [2009/04/10 12:35:13 | 00,059,484 | ---- | M] () RUNDLL32.EXE-173AE677.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-173AE677.pf -> 
[2009/04/16 02:09:34 | 00,027,414 | ---- | M] () RUNDLL32.EXE-1831A4F3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf -> [2009/04/16 17:39:33 | 00,040,338 | ---- | M] () RUNDLL32.EXE-1E5D4FB9.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-1E5D4FB9.pf -> [2009/03/23 21:45:44 | 00,021,108 | ---- | M] () RUNDLL32.EXE-229CA231.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-229CA231.pf -> [2009/02/26 23:05:31 | 00,032,030 | ---- | M] () RUNDLL32.EXE-24DBE541.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf -> [2009/04/07 22:48:07 | 00,020,470 | ---- | M] () RUNDLL32.EXE-268BFF96.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf -> [2009/03/12 01:39:58 | 00,012,116 | ---- | M] () RUNDLL32.EXE-2A94BB85.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf -> [2009/04/13 02:02:37 | 00,021,556 | ---- | M] () RUNDLL32.EXE-2BD46B7D.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-2BD46B7D.pf -> [2009/04/16 02:09:24 | 00,123,980 | ---- | M] () RUNDLL32.EXE-2CD85FD3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf -> [2009/04/15 22:34:48 | 00,047,954 | ---- | M] () RUNDLL32.EXE-2E5AF1D7.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf -> [2009/04/13 01:48:29 | 00,021,700 | ---- | M] () RUNDLL32.EXE-3581B72F.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-3581B72F.pf -> [2009/04/16 02:09:30 | 00,065,378 | ---- | M] () RUNDLL32.EXE-3A56C977.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-3A56C977.pf -> [2009/04/16 22:00:10 | 00,013,958 | ---- | M] () RUNDLL32.EXE-4035FB61.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-4035FB61.pf -> [2009/04/16 02:09:33 | 00,036,428 | ---- | M] () RUNDLL32.EXE-43780FE3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-43780FE3.pf -> [2009/04/16 02:09:31 | 00,030,156 | ---- | M] () RUNDLL32.EXE-451FC2C0.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -> [2009/04/15 23:24:00 | 00,013,816 | ---- | M] () SETUP.EXE-0B559EE5.pf -> C:\WINDOWS\Prefetch\SETUP.EXE-0B559EE5.pf -> [2009/04/10 17:08:42 | 00,024,864 | ---- | M] () SETUP.EXE-1E0DD490.pf -> C:\WINDOWS\Prefetch\SETUP.EXE-1E0DD490.pf -> [2009/04/10 
17:02:16 | 00,063,378 | ---- | M] () SETUP.EXE-23DFDDE4.pf -> C:\WINDOWS\Prefetch\SETUP.EXE-23DFDDE4.pf -> [2009/04/10 17:02:08 | 00,079,144 | ---- | M] () SETUP.EXE-38493EA5.pf -> C:\WINDOWS\Prefetch\SETUP.EXE-38493EA5.pf -> [2009/04/09 23:44:43 | 00,015,622 | ---- | M] () SETUPADMIN.EXE-062D002B.pf -> C:\WINDOWS\Prefetch\SETUPADMIN.EXE-062D002B.pf -> [2009/04/15 23:21:10 | 00,008,046 | ---- | M] () SETUP_WM.EXE-3135CBD6.pf -> C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf -> [2009/04/14 01:38:22 | 00,026,546 | ---- | M] () SHADOWGROUNDS LAUNCHER.EXE-06DA05EC.pf -> C:\WINDOWS\Prefetch\SHADOWGROUNDS LAUNCHER.EXE-06DA05EC.pf -> [2009/03/25 19:52:26 | 00,017,114 | ---- | M] () SHADOWGROUNDS.EXE-19ABB47B.pf -> C:\WINDOWS\Prefetch\SHADOWGROUNDS.EXE-19ABB47B.pf -> [2009/03/25 19:52:36 | 00,037,564 | ---- | M] () SHADOWKEEPER.EXE-17604820.pf -> C:\WINDOWS\Prefetch\SHADOWKEEPER.EXE-17604820.pf -> [2009/03/12 19:10:21 | 00,026,604 | ---- | M] () SNDVOL32.EXE-383480B7.pf -> C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf -> [2009/04/02 20:48:49 | 00,017,060 | ---- | M] () SOFTWAREUPDATE.EXE-1415D1B8.pf -> C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf -> [2009/04/15 23:34:37 | 00,054,008 | ---- | M] () SVCHOST.EXE-3530F672.pf -> C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf -> [2009/04/17 00:46:47 | 00,022,052 | ---- | M] () TASKMGR.EXE-20256C55.pf -> C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -> [2009/04/15 22:04:03 | 00,020,368 | ---- | M] () TORMENT.EXE-056EEC02.pf -> C:\WINDOWS\Prefetch\TORMENT.EXE-056EEC02.pf -> [2009/02/27 01:01:38 | 00,016,358 | ---- | M] () UNINS000.EXE-12B5AB12.pf -> C:\WINDOWS\Prefetch\UNINS000.EXE-12B5AB12.pf -> [2009/04/10 12:38:50 | 00,018,304 | ---- | M] () UPDATER.EXE-0304833A.pf -> C:\WINDOWS\Prefetch\UPDATER.EXE-0304833A.pf -> [2009/03/30 19:42:24 | 00,036,392 | ---- | M] () UTORRENT.EXE-3888D1B0.pf -> C:\WINDOWS\Prefetch\UTORRENT.EXE-3888D1B0.pf -> [2009/04/17 00:18:53 | 00,071,256 | ---- | M] () UTT4A.TMP.EXE-3A7EB4E7.pf -> 
C:\WINDOWS\Prefetch\UTT4A.TMP.EXE-3A7EB4E7.pf -> [2009/03/24 13:54:38 | 00,014,740 | ---- | M] () VERCLSID.EXE-3667BD89.pf -> C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -> [2009/04/17 00:47:35 | 00,017,696 | ---- | M] () WINRAR.EXE-39C6DAD9.pf -> C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf -> [2009/04/14 02:16:20 | 00,062,422 | ---- | M] () WLLOGINPROXY.EXE-1781D844.pf -> C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-1781D844.pf -> [2009/04/17 00:06:11 | 00,042,312 | ---- | M] () WMIADAP.EXE-2DF425B2.pf -> C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf -> [2009/04/13 02:45:51 | 00,022,174 | ---- | M] () WMIPRVSE.EXE-28F301A9.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -> [2009/04/16 23:07:55 | 00,048,632 | ---- | M] () WMPLAYER.EXE-18DDEF9C.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9C.pf -> [2009/03/30 01:18:14 | 00,075,598 | ---- | M] () WMPLAYER.EXE-18DDEFA0.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA0.pf -> [2009/04/07 01:30:24 | 00,063,110 | ---- | M] () WMPLAYER.EXE-18DDEFA2.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA2.pf -> [2009/03/10 02:30:12 | 00,058,788 | ---- | M] () WMPLAYER.EXE-18DDEFA3.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA3.pf -> [2009/04/14 02:11:57 | 00,072,550 | ---- | M] () WMPLAYER.EXE-18DDEFA4.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA4.pf -> [2009/03/28 03:50:23 | 00,042,648 | ---- | M] () WMPLAYER.EXE-18DDEFA5.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA5.pf -> [2009/04/14 02:12:12 | 00,062,430 | ---- | M] () WMPLAYER.EXE-18DDEFA6.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA6.pf -> [2009/03/30 01:18:30 | 00,091,758 | ---- | M] () WORDPAD.EXE-24533991.pf -> C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf -> [2009/04/10 17:28:35 | 00,032,394 | ---- | M] () WOW.EXE-02137854.pf -> C:\WINDOWS\Prefetch\WOW.EXE-02137854.pf -> [2009/04/07 15:43:37 | 00,058,738 | ---- | M] () WSCNTFY.EXE-1B24F5EB.pf -> C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf -> [2009/04/17 01:02:31 | 00,013,532 | ---- | M] () ~.EXE-2AFE4F33.pf -> 
C:\WINDOWS\Prefetch\~.EXE-2AFE4F33.pf -> [2009/03/29 19:29:31 | 00,012,358 | ---- | M] () < %systemroot%\system32\drivers\*.dat > < %systemroot%\Temp\bca4e2da.$$$ > < %systemroot%\Temp\ed47fa.$ > < %systemroot%\Temp\fa56d7ec.$$$ > < %systemroot%\System32\antiwpa.dll > < %PROGRAMFILES%\*crack*. > < %PROGRAMFILES%\*keygen*. > < %SYSTEMDRIVE%\*crack*. > < %SYSTEMDRIVE%\*keygen*. > < %SYSTEMDRIVE%\*.zip > < %SYSTEMDRIVE%\*.rar > < %SYSTEMDRIVE%\*.exe > C:\ -> -> [2009/04/17 01:35:36 | 00,000,000 | ---D | M] Setup-FinchNPCv3.exe -> C:\Setup-FinchNPCv3.exe -> [2008/04/09 14:39:14 | 00,495,616 | ---- | M] () < %SYSTEMDRIVE%\*.dll > < %systemroot%\*.zip > < %systemroot%\*.rar > < %systemroot%\system32\*.zip > < %systemroot%\system32\*.rar > < %PROGRAMFILES%\*.zip > < %PROGRAMFILES%\*.rar > < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*.dll > Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP < %PROGRAMFILES%\Common Files\*.* > < %PROGRAMFILES%\Common Files\*bak*. > < %systemroot%\SYSTEM32\*bak*. > 6 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp -> < %PROGRAMFILES%\*bak*. 
> < %USERNAME%\*.zip > < %USERNAME%\*.rar > < %USERNAME%\*.exe > < %USERPROFILE%\*.zip > < %USERPROFILE%\*.rar > < %USERPROFILE%\*.exe > < %ALLUSERSPROFILE%\*.zip > < %ALLUSERSPROFILE%\*.rar > < %ALLUSERSPROFILE%\*.exe > < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS < %PROGRAMFILES%\Mozilla Firefox\plugins\*.* > C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2009/03/30 19:42:31 | 00,000,000 | ---D | M] np32dsw.dll -> C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll -> [2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) npdeploytk.dll -> C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll -> [2008/10/24 00:12:03 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) npdivx32.dll -> C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll -> [2008/05/30 10:18:44 | 01,335,600 | ---- | M] (DivX,Inc.) 
npdivx32.xpt -> C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt -> [2008/05/30 10:18:44 | 00,001,607 | ---- | M] () npDivxPlayerPlugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll -> [2008/06/03 19:27:14 | 00,098,304 | ---- | M] (DivX, Inc) npnul32.dll -> C:\Program Files\Mozilla Firefox\plugins\npnul32.dll -> [2009/03/30 19:42:27 | 00,065,528 | ---- | M] (mozilla.org) nppdf32.dll -> C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -> [2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) npqtplugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -> [2009/03/14 19:20:47 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin2.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -> [2009/03/14 19:20:47 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin3.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin4.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin5.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin6.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -> [2009/03/14 19:20:48 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin7.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll -> [2009/03/14 19:20:49 | 00,143,360 | ---- | M] (Apple Inc.) 
nsIDivxPlayerPlugin.xpt -> C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xpt -> [2008/05/30 10:19:04 | 00,000,297 | ---- | M] () QuickTimePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.cla -> [2009/03/14 19:20:46 | 00,004,208 | ---- | M] () ShockwavePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\ShockwavePlugin.cla -> [2008/08/06 15:33:20 | 00,001,144 | ---- | M] () < %PROGRAMFILES%\Internet Explorer\*.* > C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/18 01:34:39 | 00,000,000 | ---D | M] custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2007/08/13 18:54:10 | 00,033,792 | ---- | M] (Microsoft Corporation) hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2007/08/13 18:18:02 | 00,060,416 | ---- | M] (Microsoft Corporation) iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2007/08/13 18:44:02 | 00,069,120 | ---- | M] (Microsoft Corporation) ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2007/08/13 18:54:10 | 00,287,744 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 00:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) < %PROGRAMFILES%\Mozilla Firefox\*.zip /s > < %PROGRAMFILES%\Mozilla Firefox\*.rar /s > < %PROGRAMFILES%\Mozilla Firefox\*.exe /s > C:\Program Files\Mozilla Firefox\ -> C:\Program Files\Mozilla Firefox -> [2009/04/17 01:21:08 | 00,000,000 | ---D | M] crashreporter.exe -> C:\Program Files\Mozilla Firefox\crashreporter.exe -> [2009/03/30 19:42:24 | 00,185,848 | ---- | M] (Mozilla Foundation) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/03/30 19:42:24 | 00,307,704 | ---- | M] (Mozilla Corporation) updater.exe -> C:\Program Files\Mozilla Firefox\updater.exe -> [2009/03/30 19:42:28 | 00,242,168 | ---- | M] (Mozilla Foundation) C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> 
[2009/03/30 19:42:35 | 00,000,000 | ---D | M] helper.exe -> C:\Program Files\Mozilla Firefox\uninstall\helper.exe -> [2009/03/30 19:42:27 | 00,509,536 | ---- | M] (Mozilla Corporation) < %PROGRAMFILES%\Internet Explorer\*.zip /s > < %PROGRAMFILES%\Internet Explorer\*.rar /s > < %PROGRAMFILES%\Internet Explorer\*.exe /s > C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/18 01:34:39 | 00,000,000 | ---D | M] iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2007/08/13 18:44:02 | 00,069,120 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 00:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2007/07/06 23:46:59 | 00,000,000 | ---D | M] icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2004/08/04 00:56:50 | 00,214,528 | ---- | M] (Microsoft Corporation) icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2004/08/04 00:56:50 | 00,086,016 | ---- | M] (Microsoft Corporation) icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2004/08/04 00:56:50 | 00,024,576 | ---- | M] (Microsoft Corporation) icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2001/08/18 05:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation) inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2004/08/04 00:56:50 | 00,020,480 | ---- | M] (Microsoft Corporation) isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2001/08/18 05:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\*.dat > < %SYSTEMDRIVE%\*.sys > C:\ -> -> [2009/04/17 01:35:36 | 00,000,000 | ---D | M] CONFIG.SYS -> C:\CONFIG.SYS -> [2007/05/16 20:44:02 | 00,000,000 | ---- | M] () IO.SYS -> 
C:\IO.SYS -> [2007/05/16 20:44:02 | 00,000,000 | RHS- | M] () MSDOS.SYS -> C:\MSDOS.SYS -> [2007/05/16 20:44:02 | 00,000,000 | RHS- | M] () pagefile.sys -> C:\pagefile.sys -> [2009/04/17 01:04:09 | 21,453,86496 | -HS- | M] () < %SYSTEMROOT%\*.dat > C:\WINDOWS\ -> C:\WINDOWS -> [2009/04/16 23:59:04 | 00,000,000 | ---D | M] bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/04/17 01:04:14 | 00,002,048 | --S- | M] () mozver.dat -> C:\WINDOWS\mozver.dat -> [2008/06/08 15:11:55 | 00,005,806 | ---- | M] () nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2007/05/16 21:14:37 | 00,000,000 | ---- | M] () PowerReg.dat -> C:\WINDOWS\PowerReg.dat -> [2007/09/29 15:04:50 | 00,000,000 | ---- | M] () unins000.dat -> C:\WINDOWS\unins000.dat -> [2008/12/21 17:16:04 | 00,021,427 | ---- | M] () 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> < %SYSTEMROOT%\*.sys > < %systemroot%\system32\drivers\*.exe /s > C:\WINDOWS\system32\drivers\ -> C:\WINDOWS\system32\drivers -> [2009/04/17 00:58:40 | 00,000,000 | ---D | M] maplevmd000.exe -> C:\WINDOWS\system32\drivers\maplevmd000.exe -> [2003/09/22 18:10:24 | 00,053,248 | ---- | M] ( Marble Sound) < %systemroot%\system32\drivers\*.zip /s > < %systemroot%\system32\drivers\*.rar /s > < %systemroot%\system\*.exe /s > < %systemroot%\system\*.zip /s > < %systemroot%\system\*.rar /s > < %systemroot%\AppPatch\*.exe /s > < %systemroot%\AppPatch\*.zip /s > < %systemroot%\AppPatch\*.rar /s > < %systemroot%\Cache\*.* > < %systemroot%\Downloaded Program Files\*.* > C:\WINDOWS\Downloaded Program Files\ -> C:\WINDOWS\Downloaded Program Files -> [2008/07/02 12:09:59 | 00,000,000 | --SD | M] ampAx3.0.84.2.dll -> C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll -> [2007/01/23 18:41:42 | 00,841,304 | ---- | M] () desktop.ini -> C:\WINDOWS\Downloaded Program Files\desktop.ini -> [2007/05/16 20:42:46 | 00,000,065 | -H-- | M] () dwusplay.dll -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll -> [2002/07/25 17:13:18 | 00,024,576 | ---- | M] () dwusplay.exe -> 
C:\WINDOWS\Downloaded Program Files\dwusplay.exe -> [2002/07/25 17:13:12 | 00,196,608 | ---- | M] () erma.inf -> C:\WINDOWS\Downloaded Program Files\erma.inf -> [2007/03/23 12:17:32 | 00,001,292 | ---- | M] () ijjiNotify2.exe -> C:\WINDOWS\Downloaded Program Files\ijjiNotify2.exe -> [2008/01/14 15:37:14 | 00,045,056 | ---- | M] () ijjiPreNotify2.exe -> C:\WINDOWS\Downloaded Program Files\ijjiPreNotify2.exe -> [2008/01/14 15:37:20 | 00,073,728 | ---- | M] () ijjiPreStarter2.exe -> C:\WINDOWS\Downloaded Program Files\ijjiPreStarter2.exe -> [2008/01/14 15:40:14 | 00,081,920 | ---- | M] () ijjiSetup1010.dll -> C:\WINDOWS\Downloaded Program Files\ijjiSetup1010.dll -> [2008/01/16 18:28:04 | 00,118,784 | ---- | M] () ijjistarter2.exe -> C:\WINDOWS\Downloaded Program Files\ijjistarter2.exe -> [2008/01/14 15:40:30 | 00,925,696 | ---- | M] () install.log -> C:\WINDOWS\Downloaded Program Files\install.log -> [2008/03/14 14:24:40 | 00,002,890 | ---- | M] () isusweb.dll -> C:\WINDOWS\Downloaded Program Files\isusweb.dll -> [2004/08/09 05:02:38 | 00,327,680 | ---- | M] () swflash.inf -> C:\WINDOWS\Downloaded Program Files\swflash.inf -> [2007/03/27 16:00:42 | 00,005,021 | ---- | M] () unagiuninst.exe -> C:\WINDOWS\Downloaded Program Files\unagiuninst.exe -> [2008/03/14 14:24:39 | 00,038,428 | ---- | M] () wmv9dmo.inf -> C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf -> [2004/08/11 02:22:26 | 00,003,036 | ---- | M] () < %systemroot%\Fonts\*.exe /s > < %systemroot%\Fonts\*.zip /s > < %systemroot%\Fonts\*.rar /s > < %systemroot%\Fonts\*.dll /s > < %systemroot%\Help\*.exe /s > C:\WINDOWS\Help\Tours\mmTour\ -> C:\WINDOWS\Help\Tours\mmTour -> [2007/05/16 13:24:12 | 00,000,000 | ---D | M] tour.exe -> C:\WINDOWS\Help\Tours\mmTour\tour.exe -> [2001/08/18 05:00:00 | 03,374,640 | ---- | M] (Macromedia, Inc.) 
< %systemroot%\Help\*.zip /s > < %systemroot%\Help\*.rar /s > < %systemroot%\Tasks\*.* > C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/01/19 13:09:37 | 00,000,000 | --SD | M] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2009/04/02 19:27:07 | 00,000,284 | ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2001/08/18 05:00:00 | 00,000,065 | RH-- | M] () pjxvtwsy.job -> C:\WINDOWS\Tasks\pjxvtwsy.job -> [2009/04/17 01:04:27 | 00,000,310 | ---- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/04/17 01:04:27 | 00,000,006 | -H-- | M] () Uniblue SpeedUpMyPC Nag.job -> C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job -> [2009/03/28 14:04:00 | 00,000,270 | ---- | M] () Uniblue SpeedUpMyPC.job -> C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job -> [2007/11/04 15:04:53 | 00,000,392 | ---- | M] () < %APPDATA%\*.sys > C:\Documents and Settings\Owner\Application Data\ -> C:\Documents and Settings\Owner\Application Data -> [2009/04/10 17:33:54 | 00,000,000 | -H-D | M] PnkBstrK.sys -> C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys -> [2008/04/20 03:35:02 | 00,022,328 | ---- | M] () < %systemroot%\system32\serauth1.dll > < %systemroot%\system32\serauth2.dll > < %systemroot%\system32\sysaudio.sys > < %PROGRAMFILES%\*TinyProxy*. > < %PROGRAMFILES%\Bitlord\Downloads\*.zip /s > < %PROGRAMFILES%\Bitlord\Downloads\*.rar /s > < %PROGRAMFILES%\Bitlord\Downloads\*.exe /s > < %PROGRAMFILES%\Bitlord\Downloads\*crack*. > < %PROGRAMFILES%\Bitlord\Downloads\*keygen*. > < %PROGRAMFILES%\eMule\Incoming\*.zip /s > < %PROGRAMFILES%\eMule\Incoming\*.rar /s > < %PROGRAMFILES%\eMule\Incoming\*.exe /s > < %PROGRAMFILES%\eMule\Incoming\*crack*. > < %PROGRAMFILES%\eMule\Incoming\*keygen*. 
> < HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/10/24 00:12:04 | 00,000,000 | ---D | M] HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/04/01 02:48:02 | 00,000,000 | ---D | M] HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/30 19:42:31 | 00,000,000 | ---D | M] < End of report > [/code]