DR/Sohanad.BM.14? what is this? I need Help pls!



#1
zNadz

    New Member

  • Member
  • 4 posts
Guys, can you help me with this?? Every time I open any file on my PC, my antivirus (Avira AntiVir) detects this: DR/Sohanad.BM.14 and BDS/Shutdown.Bl (backdoor program). Pls help me!!

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello zNadz

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========

#3
zNadz

    New Member

  • Topic Starter
  • Member
  • 4 posts
This is what I got ... help me pls.. tnx..

OTListIt.txt

OTListIt logfile created on: 3/12/2009 11:52:03 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.48% Memory free
3.78 Gb Paging File | 3.30 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 73.30 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICK_SERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
PRC - C:\WINDOWS\Domino.EXE (Vimicro)
PRC - C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
PRC - C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Caffe\Server.exe (Antamedia)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe (Faronics Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AntiVirMailService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
SRV - (antivirwebservice [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (AVEService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DF5Serv [Auto | Running]) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (DeepFrz [Boot | Running]) -- C:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (giveio [On_Demand | Stopped]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (vmfilter303 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\vmfilter303.sys (Vimicro Corporation)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)
DRV - (ZSMC303 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbVM303.sys (Vimicro Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Prev SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008/06/13 01:10:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/06/13 01:10:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\dqwjp4oe.default\extensions [2008/06/13 01:10:36 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/06/13 12:48:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2008/06/13 07:58:07 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Camfrog Toolbar) - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll (Camshare LC)
O3 - HKLM\..\Toolbar: (Camfrog Toolbar) - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll (Camshare LC)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) File not found
O4 - HKLM..\Run: [CafeClient] C:\PROGRA~1\CAFEMA~1\CafeClient.exe /normal File not found
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
O4 - HKCU..\Run: [Caffe-ICUpdater] C:\Program Files\Caffe\ICUpdater.exe File not found
O4 - HKCU..\Run: [Caffe-Server] C:\Program Files\Caffe\Server.exe (Antamedia)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S104.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [InternetCaffeUpdater] ICUpdater.exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup ()
O4 - HKCU..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\CabinetState: FullPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1212892417250 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{34D74BE8-0ABF-4AA5-809D-9DFF6D85E8DC}\\NameServer = 58.69.254.4,58.69.254.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{34DC6105-39F8-4225-998B-C64886AB860D}\\NameServer = 58.69.254.4,58.69.254.7
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (RVHOST.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (password_viewer.exe) - C:\WINDOWS\password_viewer.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINDOWS\system32\LogonDll.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\##herick_server#H\Shell - "" = AutoRun
O33 - MountPoints2\##herick_server#H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##herick_server#H\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\##herick_server#H\Shell\configure\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\##herick_server#H\Shell\install\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{09926e38-00c4-11de-821e-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{09926e38-00c4-11de-821e-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09926e38-00c4-11de-821e-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\kk3.bat -- File not found
O33 - MountPoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}\Shell\explore\Command - "" = E:\kk3.bat -- File not found
O33 - MountPoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}\Shell\open\Command - "" = E:\kk3.bat -- File not found
O33 - MountPoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\password_viewer.exe -- [2008/11/17 17:33:16 | 00,298,157 | RHS- | M] ()
O33 - MountPoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}\Shell\Explore\command - "" = C:\WINDOWS\password_viewer.exe -- [2008/11/17 17:33:16 | 00,298,157 | RHS- | M] ()
O33 - MountPoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}\Shell\Open\command - "" = C:\WINDOWS\password_viewer.exe -- [2008/11/17 17:33:16 | 00,298,157 | RHS- | M] ()
O33 - MountPoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}\Shell\Auto\command - "" = Recycled/dllcache32.exe
O33 - MountPoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}\Shell\explore\Command - "" = Recycled/dllcache32.exe
O33 - MountPoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}\Shell\open\Command - "" = Recycled/dllcache32.exe
O33 - MountPoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}\Shell\Explore\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}\Shell\Open\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}\Shell\AutoPlay\Command - "" = wscript.exe ntidr.vbs
O33 - MountPoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}\Shell\AutoRun\command - "" = wscript.exe ntidr.vbs
O33 - MountPoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}\Shell\Explore\Command - "" = wscript.exe ntidr.vbs
O33 - MountPoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}\Shell\Open\Command - "" = wscript.exe ntidr.vbs
O33 - MountPoints2\{1f1fd749-ed31-11dd-81fb-00e0b0f957ac}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
O33 - MountPoints2\{1f1fd749-ed31-11dd-81fb-00e0b0f957ac}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
O33 - MountPoints2\{1f608d83-f046-11dd-81ff-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{1f608d83-f046-11dd-81ff-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f608d83-f046-11dd-81ff-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}\Shell\AutoRun\command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}\Shell\explore\Command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}\Shell\open\Command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{2ee6b7a7-f253-11dd-8202-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee6b7a7-f253-11dd-8202-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee6b7a7-f253-11dd-8202-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{2ee6b7b7-f253-11dd-8202-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee6b7b7-f253-11dd-8202-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee6b7b7-f253-11dd-8202-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{332fc156-03ed-11de-8224-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{332fc156-03ed-11de-8224-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{332fc156-03ed-11de-8224-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}\Shell\autoplAy\coMMand - "" = E:\kvogm.exe -- File not found
O33 - MountPoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\kvogm.exe -- File not found
O33 - MountPoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}\Shell\Explore\comMANd - "" = E:\kvogm.exe -- File not found
O33 - MountPoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}\Shell\opeN\CoMmaNd - "" = E:\kvogm.exe -- File not found
O33 - MountPoints2\{36473822-6a1b-11dd-b085-806d6172696f}\Shell\AutoRun\command - "" = D:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{36473822-6a1b-11dd-b085-806d6172696f}\Shell\explore\Command - "" = D:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{36473822-6a1b-11dd-b085-806d6172696f}\Shell\open\Command - "" = D:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{36473823-6a1b-11dd-b085-806d6172696f}\Shell\AutoRun\command - "" = E:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{36473823-6a1b-11dd-b085-806d6172696f}\Shell\explore\Command - "" = E:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{36473823-6a1b-11dd-b085-806d6172696f}\Shell\open\Command - "" = E:\kn6jhgc.cmd -- File not found
O33 - MountPoints2\{477bb646-e04e-11dd-81dd-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\winlogon.exe -- File not found
O33 - MountPoints2\{47b1e782-b387-11dd-8199-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe -- File not found
O33 - MountPoints2\{47b1e782-b387-11dd-8199-00e0b0f957ac}\Shell\open\command - "" = E:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe -- File not found
O33 - MountPoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{4ee969d9-c8ba-11dd-81be-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{4ee969d9-c8ba-11dd-81be-00e0b0f957ac}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{509a3212-f0d3-11dd-8200-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{509a3212-f0d3-11dd-8200-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{509a3212-f0d3-11dd-8200-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}\Shell\AutoRun\command - "" = H:\Install.exe -- File not found
O33 - MountPoints2\{563c95d9-f71d-11dd-820b-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{563c95d9-f71d-11dd-820b-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{563c95d9-f71d-11dd-820b-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{56e27cf6-fb23-11dd-8213-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{56e27cf6-fb23-11dd-8213-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56e27cf6-fb23-11dd-8213-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{57eaa3c8-fe28-11dd-821b-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{57eaa3c8-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57eaa3c8-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{57eaa3d3-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\2fiy.bat -- File not found
O33 - MountPoints2\{57eaa3d3-fe28-11dd-821b-00e0b0f957ac}\Shell\open\Command - "" = E:\2fiy.bat -- File not found
O33 - MountPoints2\{57eaa3d4-fe28-11dd-821b-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{57eaa3d4-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57eaa3d4-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{57eaa3d5-fe28-11dd-821b-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{57eaa3d5-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57eaa3d5-fe28-11dd-821b-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{73d6902f-09ef-11de-8230-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{73d6902f-09ef-11de-8230-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73d6902f-09ef-11de-8230-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{7526797e-dba1-11dd-81d6-00e0b0f957ac}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{7526797e-dba1-11dd-81d6-00e0b0f957ac}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe -- File not found
O33 - MountPoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}\Shell\open\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe -- File not found
O33 - MountPoints2\{7da315e4-df84-11dd-81dc-00e0b0f957ac}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O33 - MountPoints2\{7f4cb465-0268-11de-8220-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{7f4cb465-0268-11de-8220-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f4cb465-0268-11de-8220-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}\Shell\explore\Command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}\Shell\open\Command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{8a0dcf7b-f8fa-11dd-820d-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{8a0dcf7b-f8fa-11dd-820d-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a0dcf7b-f8fa-11dd-820d-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8abae87e-becc-11dd-81ae-00e0b0f957ac}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{8abae87e-becc-11dd-81ae-00e0b0f957ac}\Shell\Open\Command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{8bb81788-c71b-11dd-81bb-00e0b0f957ac}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
O33 - MountPoints2\{8bb81788-c71b-11dd-81bb-00e0b0f957ac}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
O33 - MountPoints2\{8bb81789-c71b-11dd-81bb-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe -- File not found
O33 - MountPoints2\{8bb81789-c71b-11dd-81bb-00e0b0f957ac}\Shell\open\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe -- File not found
O33 - MountPoints2\{8f89d6d6-0342-11de-8221-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{8f89d6d6-0342-11de-8221-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f89d6d6-0342-11de-8221-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{922a05e5-ec65-11dd-81fa-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{922a05e5-ec65-11dd-81fa-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{922a05e5-ec65-11dd-81fa-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{930c6698-03a1-11de-8222-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{930c6698-03a1-11de-8222-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{930c6698-03a1-11de-8222-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{98ea3c3e-f18b-11dd-8201-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{98ea3c3e-f18b-11dd-8201-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ea3c3e-f18b-11dd-8201-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{98ea3c43-f18b-11dd-8201-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{98ea3c43-f18b-11dd-8201-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ea3c43-f18b-11dd-8201-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\no.com -- File not found
O33 - MountPoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}\Shell\explore\Command - "" = E:\no.com -- File not found
O33 - MountPoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}\Shell\open\Command - "" = E:\no.com -- File not found
O33 - MountPoints2\{9b85e921-097d-11de-822f-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{9b85e921-097d-11de-822f-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b85e921-097d-11de-822f-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a52b1e8c-ddf1-11dd-81da-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{a52b1e8c-ddf1-11dd-81da-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a52b1e8c-ddf1-11dd-81da-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ba1d3903-e4ec-11dd-81e8-00e0b0f957ac}\Shell\explore\Command - "" = E:\boot.exe -- File not found
O33 - MountPoints2\{ba1d3903-e4ec-11dd-81e8-00e0b0f957ac}\Shell\open\Command - "" = E:\boot.exe -- File not found
O33 - MountPoints2\{c61534db-eb8b-11dd-81f9-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{c61534db-eb8b-11dd-81f9-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c61534db-eb8b-11dd-81f9-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c61534dc-eb8b-11dd-81f9-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{c61534dc-eb8b-11dd-81f9-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c61534dc-eb8b-11dd-81f9-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{cb00885a-e769-11dd-81f3-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe -- File not found
O33 - MountPoints2\{cb00885a-e769-11dd-81f3-00e0b0f957ac}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe -- File not found
O33 - MountPoints2\{d10dfa20-b05f-11dd-8195-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found
O33 - MountPoints2\{d10dfa20-b05f-11dd-8195-00e0b0f957ac}\Shell\open\command - "" = E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found
O33 - MountPoints2\{d73e907d-ca93-11dd-81c0-00e0b0f957ac}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{d73e907d-ca93-11dd-81c0-00e0b0f957ac}\Shell\Open\Command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{e0ec3df8-e822-11dd-81f4-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e0ec3df8-e822-11dd-81f4-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e0ec3df8-e822-11dd-81f4-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e0ff0890-0170-11de-821f-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e0ff0890-0170-11de-821f-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e0ff0890-0170-11de-821f-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}\Shell\explore\Command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}\Shell\open\Command - "" = E:\r.bat -- File not found
O33 - MountPoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}\Shell\Explore\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}\Shell\Open\command - "" = E:\password_viewer.exe -- File not found
O33 - MountPoints2\{f1a41061-e174-11dd-81df-00e0b0f957ac}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whatuulikelol.exe -- File not found
O33 - MountPoints2\{f1a41061-e174-11dd-81df-00e0b0f957ac}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whatuulikelol.exe -- File not found
O33 - MountPoints2\{f8a47032-07ba-11de-822d-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{f8a47032-07ba-11de-822d-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f8a47032-07ba-11de-822d-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f8a47035-07ba-11de-822d-00e0b0f957ac}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{f8a47035-07ba-11de-822d-00e0b0f957ac}\Shell\Open\Command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{feb32034-dc53-11dd-81d8-00e0b0f957ac}\Shell - "" = AutoRun
O33 - MountPoints2\{feb32034-dc53-11dd-81d8-00e0b0f957ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{feb32034-dc53-11dd-81d8-00e0b0f957ac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2004/08/04 06:56:46 | 08,384,000 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[2009/03/12 20:31:59 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTListIt2.exe
[2009/03/11 22:55:45 | 00,298,157 | RHS- | C] () -- C:\WINDOWS\password_viewer.exe
[2009/03/11 17:37:26 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Book1.xls
[2009/03/11 13:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/03/11 12:33:51 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SSC Service Utility.lnk
[2009/03/11 12:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\SSC Service Utility
[2009/03/11 11:48:07 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/03/11 11:44:32 | 00,990,876 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sscserve.exe
[2009/03/11 03:00:33 | 00,000,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Loader.lnk
[2009/03/11 02:01:54 | 03,105,530 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009/03/09 23:18:05 | 00,009,264 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2009/03/09 23:18:05 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/03/08 15:41:25 | 00,000,162 | -H-- | C] () -- C:\~$nus That can be prepared in different Patient.docx
[2009/03/06 22:06:48 | 00,359,068 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc5.docx
[2009/03/06 21:46:07 | 00,338,127 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GUARDIAN TRARPO.jpg
[2009/03/03 21:59:54 | 00,007,030 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\sunog ito, shanica.nra
[2009/03/02 17:28:27 | 00,145,725 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc4.docx
[2009/03/02 17:24:23 | 00,075,281 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\picture.docx
[2009/03/02 01:04:32 | 00,006,775 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\burn ito.nra
[2009/03/01 15:34:11 | 00,000,162 | -H-- | C] () -- C:\~$abeg22.docx
[2009/02/28 19:56:52 | 00,012,394 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\diane.docx
[2009/02/28 00:05:19 | 00,023,898 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc3.docx
[2009/02/26 21:47:25 | 00,000,000 | ---D | C] -- C:\Program Files\Imikimi
[2009/02/26 19:58:45 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\JENEPHER LOBATON ORTEGA.doc
[2009/02/26 19:21:48 | 00,000,162 | -H-- | C] () -- C:\~$ring Basa.docx
[2009/02/26 19:21:39 | 00,000,162 | -H-- | C] () -- C:\~$Ina.docx
[2009/02/24 20:22:30 | 00,441,702 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc2.docx
[2009/02/23 14:11:59 | 00,011,643 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.docx
[2009/02/22 19:22:37 | 00,084,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mary lisa.doc
[2009/02/22 18:45:42 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vash...doc
[2009/02/22 16:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2009/02/20 14:01:46 | 00,098,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\resume.doc
[2009/02/20 11:00:45 | 00,011,180 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ordered Pc..docx
[2009/02/16 20:46:58 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\JonathanFelix.doc
[2009/02/14 15:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/02/14 13:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RohanScreenShot
[2009/02/13 14:03:49 | 00,000,000 | ---D | C] -- C:\attachments_2009_02_130
[2009/02/13 14:01:32 | 01,478,486 | ---- | C] () -- C:\attachments_2009_02_130.zip
[2009/02/13 11:23:34 | 01,478,486 | ---- | C] () -- C:\attachments_2009_02_13....zip
[2009/02/13 10:38:52 | 01,478,486 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13...zip
[2009/02/13 10:37:40 | 01,507,680 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hi.docx
[2009/02/13 10:10:45 | 01,395,843 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13..zip
[2009/02/13 10:09:36 | 00,397,387 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13.zip
[2009/02/12 19:44:44 | 00,010,482 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Phenom X3 8650.docx
[2009/02/11 21:41:13 | 00,015,258 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BENEDICT GARCIA RACINES.docx

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/12 21:36:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/12 21:36:56 | 00,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/03/12 15:36:29 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2009/03/12 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/03/11 17:37:26 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Book1.xls
[2009/03/11 13:24:41 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2009/03/11 12:33:51 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SSC Service Utility.lnk
[2009/03/11 11:48:07 | 00,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys
[2009/03/11 11:44:45 | 00,990,876 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sscserve.exe
[2009/03/11 10:31:58 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/11 03:00:33 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Loader.lnk
[2009/03/10 09:03:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/09 23:18:08 | 00,009,264 | RHS- | M] () -- C:\WINDOWS\System32\setting.ini
[2009/03/08 15:41:25 | 00,000,162 | -H-- | M] () -- C:\~$nus That can be prepared in different Patient.docx
[2009/03/06 22:06:49 | 00,359,068 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc5.docx
[2009/03/06 21:46:08 | 00,338,127 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GUARDIAN TRARPO.jpg
[2009/03/06 17:15:00 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/03/03 21:59:54 | 00,007,030 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\sunog ito, shanica.nra
[2009/03/02 17:28:27 | 00,145,725 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc4.docx
[2009/03/02 17:24:23 | 00,075,281 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\picture.docx
[2009/03/02 01:04:32 | 00,006,775 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\burn ito.nra
[2009/03/01 15:34:11 | 00,000,162 | -H-- | M] () -- C:\~$abeg22.docx
[2009/02/28 19:56:52 | 00,012,394 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\diane.docx
[2009/02/28 00:05:19 | 00,023,898 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc3.docx
[2009/02/27 13:28:55 | 00,029,224 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Calling Card.docx
[2009/02/26 20:37:02 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JENEPHER LOBATON ORTEGA.doc
[2009/02/26 20:21:23 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mary lisa.doc
[2009/02/26 19:21:48 | 00,000,162 | -H-- | M] () -- C:\~$ring Basa.docx
[2009/02/26 19:21:39 | 00,000,162 | -H-- | M] () -- C:\~$Ina.docx
[2009/02/24 20:22:30 | 00,441,702 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc2.docx
[2009/02/23 20:44:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/23 20:44:30 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 18:11:57 | 00,011,180 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ordered Pc..docx
[2009/02/23 14:12:00 | 00,011,643 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.docx
[2009/02/23 05:22:00 | 03,105,530 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009/02/22 18:45:44 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vash...doc
[2009/02/20 14:01:47 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\resume.doc
[2009/02/16 20:46:58 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JonathanFelix.doc
[2009/02/13 14:01:38 | 01,478,486 | ---- | M] () -- C:\attachments_2009_02_130.zip
[2009/02/13 11:23:36 | 01,478,486 | ---- | M] () -- C:\attachments_2009_02_13....zip
[2009/02/13 10:38:54 | 01,478,486 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13...zip
[2009/02/13 10:37:40 | 01,507,680 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hi.docx
[2009/02/13 10:10:47 | 01,395,843 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13..zip
[2009/02/13 10:09:39 | 00,397,387 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\attachments_2009_02_13.zip
[2009/02/12 19:44:44 | 00,010,482 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Phenom X3 8650.docx
[2009/02/12 08:25:52 | 00,015,258 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BENEDICT GARCIA RACINES.docx

========== LOP Check ==========

[2009/03/11 13:42:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/06/13 15:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/20 22:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2008/11/08 00:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/06/13 18:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ATI
[2009/02/22 16:13:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2008/06/13 01:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Camfrog
[2008/06/14 20:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CamfrogBar
[2008/11/08 00:07:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008/06/08 18:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2008/06/08 00:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/06/08 00:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/11/05 11:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2009/03/12 21:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/06/08 17:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/02/26 08:55:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/06/11 11:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2008/06/13 01:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/11/05 11:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2008/11/05 12:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2008/06/13 07:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2008/11/05 17:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2008/12/25 08:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/06/13 06:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008/12/10 09:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2008/06/10 16:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2008/09/16 01:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\USBSafelyRemove
[2009/03/11 13:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008/06/08 14:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2008/06/11 11:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2009/02/14 15:57:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/06/13 11:45:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/01/06 19:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/05 11:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/09/04 12:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/10 09:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/11/05 17:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/06/11 11:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/11 10:31:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/01/18 21:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/06/13 07:58:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/11/05 11:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/11/05 11:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/02/14 15:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/06/13 06:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/06/10 15:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/06/08 10:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/06/08 17:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/06/11 05:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/06/11 11:06:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/06 17:15:00 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/03/12 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2001/08/23 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/12 21:36:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\Thumbs.db:encryptable
< End of report >


OTListItExtras.txt

OTListIt Extras logfile created on: 3/12/2009 11:52:03 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.48% Memory free
3.78 Gb Paging File | 3.30 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 73.30 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICK_SERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
C:\Program Files\CafeManila\CafeClient.exe:*:Enabled:CafeClient File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{14298AFE-9001-9CFB-595E-38BB3DCB25D3}" = ccc-utility
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BA6EE26-3358-B634-FD05-D07C964EE944}" = Skins
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{216A729A-1E12-4483-BE80-4CAAF8B540AD}" = VideoCAM NB 300
"{24AEE00B-90C1-4254-8D1E-53CDBAE2187C}" = Zero Hour Reborn The Last Stand
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4F55E486-4EDE-A879-B6CC-0B07DD475540}" = Catalyst Control Center Graphics Light
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{746E4937-CC0E-C8A2-CEF3-41774D227847}" = Catalyst Control Center Graphics Full Existing
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{80A1F948-2D8E-7C25-87AA-6D8294334A5D}" = Catalyst Control Center Core Implementation
"{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}" = Manual CanoScan LiDE 25
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A50284B-6426-2FDF-48BD-0895482344E8}" = CCC Help English
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Special Force
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{A40FBD4C-BDF3-49BC-A231-36686D3D766C}" = WarRock
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B93F0E87-FBDB-097E-5DCA-FF99110F26E0}" = Catalyst Control Center Graphics Previews Common
"{C04ED833-89A3-BC13-BAE3-96FDD56933F9}" = Catalyst Control Center Graphics Full New
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDC31D08-9789-2554-2670-C33BC49F0DD3}" = ccc-core-static
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{DC65F64E-025D-4DF0-BD98-FE79828C3D8A}_is1" = Xtreme-G Catalyst 8.5 XP 32bit
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FE2881D8-236B-6B25-2C5A-74CFB00F2756}" = ccc-core-preinstall
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"ATI Display Driver" = ATI Display Driver
"Audition" = Audition 0.1.2.0
"Bejeweled Twist" = Bejeweled Twist (remove only)
"CABAL Online (PH)" = CABAL Online (PH) 1.0
"Camfrog 3.92" = Camfrog Video Chat 3.92 (remove only)
"CamfrogBar" = Camfrog IE Toolbar 1.0.29
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Chikka Messenger V4" = Chikka Messenger V4
"CrazyKart" = CrazyKart
"DriftCity" = Drift City
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FreeStyle OnlineLimited Open Beta" = FreeStyle Online
"Half-Life" = Half-Life
"HighStreet 5_is1" = HighStreet 5 - 0.14 - PH
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LimeWire" = LimeWire 4.18.8
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyRO Complete Package" = MyRO Complete Package
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"O2Jam_ph" = O2Jam_PH
"POD-Bot 2.5" = POD-Bot 2.5
"RanOnline" = Ran Online
"Sierra Utilities" = Sierra Utilities
"SSC Service Utility_is1" = SSC Service Utility v4.30
"USB Safely Remove_is1" = USB Safely Remove 4.0 beta 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! ¤u¨ă¦C
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Internet Caffe" = Antamedia Internet Caffe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2009 9:15:03 AM | Computer Name = RICK_SERVER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2009 9:15:05 AM | Computer Name = RICK_SERVER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2009 9:15:05 AM | Computer Name = RICK_SERVER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/9/2009 9:15:05 AM | Computer Name = RICK_SERVER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/10/2009 10:48:23 AM | Computer Name = RICK_SERVER | Source = Application Hang | ID = 1002
Description = Hanging application VanRO.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2009 8:33:32 AM | Computer Name = RICK_SERVER | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 8.1.0.421, faulting module
yvoicesm.dll, version 1.0.201.1, fault address 0x0007485d.

Error - 3/11/2009 10:55:32 AM | Computer Name = RICK_SERVER | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module indiv01.key, version 11.0.6000.6324, fault address 0x000f91da.

Error - 3/12/2009 8:35:31 AM | Computer Name = RICK_SERVER | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 10:13:23 AM | Computer Name = RICK_SERVER | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 11:48:43 AM | Computer Name = RICK_SERVER | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 12/23/2008 11:21:21 AM | Computer Name = RICK_SERVER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 72
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/11/2009 10:50:55 PM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Center Update service terminated with the following error: %%1114

Error - 3/11/2009 10:50:55 PM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Microsoft Shell service terminated with the following error: %%1114

Error - 3/12/2009 3:13:21 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/12/2009 3:13:21 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Config Server service terminated with the following error: %%1114

Error - 3/12/2009 3:13:21 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Center Update service terminated with the following error: %%127

Error - 3/12/2009 3:13:21 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Microsoft Shell service terminated with the following error: %%1114

Error - 3/12/2009 9:37:47 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/12/2009 9:37:47 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Config Server service terminated with the following error: %%127

Error - 3/12/2009 9:37:47 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Center Update service terminated with the following error: %%1114

Error - 3/12/2009 9:37:47 AM | Computer Name = RICK_SERVER | Source = Service Control Manager | ID = 7023
Description = The Microsoft Shell service terminated with the following error: %%1114


< End of report >
  • 0

#4
zNadz


    New Member

  • Topic Starter
  • Member
  • 4 posts
I'm new to this kind of problem... please help me... thanks, thanks, thanks...
  • 0

#5
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please plug in any removable drives before running ComboFix:

================================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
zNadz


    New Member

  • Topic Starter
  • Member
  • 4 posts
This is the log that I've got:

ComboFix 09-03-13.01 - Administrator 2009-03-14 8:32:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1449 [GMT 8:00]
Running from: c:\program files\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\recycler\RECYCLER.exe
c:\windows\system32\logondll.dll
c:\windows\system32\setting.ini

----- File Replicators -----

c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\Ethernet\Ethernet.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\IDE.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\raidtool\raidtool.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\sata_ide\sata_ide.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\sataraid\sataraid.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\Win2K\Win2K.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\raidtool\raidtool.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\sata_ide\sata_ide.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\sataraid\sataraid.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\IDE\WinXP\WinXP.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\Chipset_NV-C51+MCP51_8.24_2k-XP\Chipset_NV-C51+MCP51_8.24_2k-XP\SMBus\SMBus.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce 6100\geforce 6100.exe
c:\mobo\MOBO DRIVER\geforce6100epox\geforce6100epox.exe
c:\mobo\MOBO DRIVER\MOBO DRIVER.exe
c:\mobo\mobo.exe
c:\pansa\Games\Games.exe
c:\pansa\Internet\Internet.exe
c:\pansa\Office\Office.exe
c:\pansa\pansa.exe
c:\rockstar games\GTA San Andreas\anim\anim.exe
c:\rockstar games\GTA San Andreas\audio\audio.exe
c:\rockstar games\GTA San Andreas\audio\CONFIG\CONFIG.exe
c:\rockstar games\GTA San Andreas\audio\SFX\SFX.exe
c:\rockstar games\GTA San Andreas\audio\streams\streams.exe
c:\rockstar games\GTA San Andreas\data\data.exe
c:\rockstar games\GTA San Andreas\data\Decision\Allowed\Allowed.exe
c:\rockstar games\GTA San Andreas\data\Decision\andyd\andyd.exe
c:\rockstar games\GTA San Andreas\data\Decision\chris\chris.exe
c:\rockstar games\GTA San Andreas\data\Decision\ChrisM\ChrisM.exe
c:\rockstar games\GTA San Andreas\data\Decision\Craig\Craig.exe
c:\rockstar games\GTA San Andreas\data\Decision\david\david.exe
c:\rockstar games\GTA San Andreas\data\Decision\Decision.exe
c:\rockstar games\GTA San Andreas\data\Decision\Imran\Imran.exe
c:\rockstar games\GTA San Andreas\data\Icons\Icons.exe
c:\rockstar games\GTA San Andreas\data\maps\country\country.exe
c:\rockstar games\GTA San Andreas\data\maps\generic\generic.exe
c:\rockstar games\GTA San Andreas\data\maps\interior\interior.exe
c:\rockstar games\GTA San Andreas\data\maps\LA\LA.exe
c:\rockstar games\GTA San Andreas\data\maps\leveldes\leveldes.exe
c:\rockstar games\GTA San Andreas\data\maps\maps.exe
c:\rockstar games\GTA San Andreas\data\maps\SF\SF.exe
c:\rockstar games\GTA San Andreas\data\maps\vegas\vegas.exe
c:\rockstar games\GTA San Andreas\data\maps\veh_mods\veh_mods.exe
c:\rockstar games\GTA San Andreas\data\Paths\Paths.exe
c:\rockstar games\GTA San Andreas\data\script\script.exe
c:\rockstar games\GTA San Andreas\filterscripts\filterscripts.exe
c:\rockstar games\GTA San Andreas\gamemodes\gamemodes.exe
c:\rockstar games\GTA San Andreas\GTA San Andreas.exe
c:\rockstar games\GTA San Andreas\models\coll\coll.exe
c:\rockstar games\GTA San Andreas\models\generic\generic.exe
c:\rockstar games\GTA San Andreas\models\grass\grass.exe
c:\rockstar games\GTA San Andreas\models\models.exe
c:\rockstar games\GTA San Andreas\models\txd\txd.exe
c:\rockstar games\GTA San Andreas\movies\movies.exe
c:\rockstar games\GTA San Andreas\pawno\include\include.exe
c:\rockstar games\GTA San Andreas\ReadMe\ReadMe.exe
c:\rockstar games\GTA San Andreas\samp022server.win32\filterscripts\filterscripts.exe
c:\rockstar games\GTA San Andreas\samp022server.win32\gamemodes\gamemodes.exe
c:\rockstar games\GTA San Andreas\samp022server.win32\pawno\include\include.exe
c:\rockstar games\GTA San Andreas\samp022server.win32\samp022server.win32.exe
c:\rockstar games\GTA San Andreas\samp022server.win32\scriptfiles\scriptfiles.exe
c:\rockstar games\GTA San Andreas\scriptfiles\scriptfiles.exe
c:\rockstar games\GTA San Andreas\text\text.exe
c:\rockstar games\Rockstar Games.exe
c:\rockstar games\samp022server.win32\filterscripts\filterscripts.exe
c:\rockstar games\samp022server.win32\gamemodes\gamemodes.exe
c:\rockstar games\samp022server.win32\pawno\include\include.exe
c:\rockstar games\samp022server.win32\samp022server.win32.exe
c:\rockstar games\samp022server.win32\scriptfiles\scriptfiles.exe
c:\sierra\Half-Life\cstrike\cl_dlls\cl_dlls.exe
c:\sierra\Half-Life\cstrike\classes\classes.exe
c:\sierra\Half-Life\cstrike\cstrike.exe
c:\sierra\Half-Life\cstrike\dlls\dlls.exe
c:\sierra\Half-Life\cstrike\events\events.exe
c:\sierra\Half-Life\cstrike\gfx\env\env.exe
c:\sierra\Half-Life\cstrike\gfx\gfx.exe
c:\sierra\Half-Life\cstrike\gfx\shell\shell.exe
c:\sierra\Half-Life\cstrike\gfx\vgui\vgui.exe
c:\sierra\Half-Life\cstrike\manual\manual.exe
c:\sierra\Half-Life\cstrike\maps\maps.exe
c:\sierra\Half-Life\cstrike\media\media.exe
c:\sierra\Half-Life\cstrike\models\models.exe
c:\sierra\Half-Life\cstrike\models\player\arctic\arctic.exe
c:\sierra\Half-Life\cstrike\models\player\gign\gign.exe
c:\sierra\Half-Life\cstrike\models\player\gsg9\gsg9.exe
c:\sierra\Half-Life\cstrike\models\player\guerilla\guerilla.exe
c:\sierra\Half-Life\cstrike\models\player\leet\leet.exe
c:\sierra\Half-Life\cstrike\models\player\player.exe
c:\sierra\Half-Life\cstrike\models\player\sas\sas.exe
c:\sierra\Half-Life\cstrike\models\player\terror\terror.exe
c:\sierra\Half-Life\cstrike\models\player\urban\urban.exe
c:\sierra\Half-Life\cstrike\models\player\vip\vip.exe
c:\sierra\Half-Life\cstrike\overviews\overviews.exe
c:\sierra\Half-Life\cstrike\PODBot\BotChats\BotChats.exe
c:\sierra\Half-Life\cstrike\PODBot\Docs\Docs.exe
c:\sierra\Half-Life\cstrike\PODBot\Docs\GFX\GFX.exe
c:\sierra\Half-Life\cstrike\PODBot\PODBot.exe
c:\sierra\Half-Life\cstrike\PODBot\Wptcs10\Wptcs10.exe
c:\sierra\Half-Life\cstrike\PODBot\WPTCS11\WPTCS11.exe
c:\sierra\Half-Life\cstrike\PODBot\WPTCS6.x\WPTCS6.x.exe
c:\sierra\Half-Life\cstrike\PODBot\WPTCS71\WPTCS71.exe
c:\sierra\Half-Life\cstrike\PODBot\WPTCustom\WPTCustom.exe
c:\sierra\Half-Life\cstrike\PODBot\WPTDefault\WPTDefault.exe
c:\sierra\Half-Life\cstrike\SAVE\SAVE.exe
c:\sierra\Half-Life\cstrike\sound\ambience\ambience.exe
c:\sierra\Half-Life\cstrike\sound\de_torn\de_torn.exe
c:\sierra\Half-Life\cstrike\sound\hostage\hostage.exe
c:\sierra\Half-Life\cstrike\sound\items\items.exe
c:\sierra\Half-Life\cstrike\sound\misc\misc.exe
c:\sierra\Half-Life\cstrike\sound\plats\plats.exe
c:\sierra\Half-Life\cstrike\sound\player\player.exe
c:\sierra\Half-Life\cstrike\sound\radio\radio.exe
c:\sierra\Half-Life\cstrike\sound\sound.exe
c:\sierra\Half-Life\cstrike\sound\storm\storm.exe
c:\sierra\Half-Life\cstrike\sound\weapons\weapons.exe
c:\sierra\Half-Life\cstrike\sprites\sprites.exe
c:\sierra\Half-Life\dmc\dlls\dlls.exe
c:\sierra\Half-Life\dmc\events\door\door.exe
c:\sierra\Half-Life\dmc\events\events.exe
c:\sierra\Half-Life\dmc\gfx\gfx.exe
c:\sierra\Half-Life\dmc\gfx\shell\shell.exe
c:\sierra\Half-Life\dmc\gfx\vgui\vgui.exe
c:\sierra\Half-Life\dmc\maps\maps.exe
c:\sierra\Half-Life\dmc\media\media.exe
c:\sierra\Half-Life\dmc\models\models.exe
c:\sierra\Half-Life\dmc\overviews\overviews.exe
c:\sierra\Half-Life\dmc\sound\ambience\ambience.exe
c:\sierra\Half-Life\dmc\sound\items\items.exe
c:\sierra\Half-Life\dmc\sound\misc\misc.exe
c:\sierra\Half-Life\dmc\sound\player\player.exe
c:\sierra\Half-Life\dmc\sound\sound.exe
c:\sierra\Half-Life\dmc\sound\weapons\weapons.exe
c:\sierra\Half-Life\dmc\sprites\sprites.exe
c:\sierra\Half-Life\gldrv\gldrv.exe
c:\sierra\Half-Life\Half-Life.exe
c:\sierra\Half-Life\logos\logos.exe
c:\sierra\Half-Life\tfc\cl_dlls\cl_dlls.exe
c:\sierra\Half-Life\tfc\classes\classes.exe
c:\sierra\Half-Life\tfc\dlls\dlls.exe
c:\sierra\Half-Life\tfc\events\door\door.exe
c:\sierra\Half-Life\tfc\events\events.exe
c:\sierra\Half-Life\tfc\events\explode\explode.exe
c:\sierra\Half-Life\tfc\events\misc\misc.exe
c:\sierra\Half-Life\tfc\events\wpn\wpn.exe
c:\sierra\Half-Life\tfc\gfx\env\env.exe
c:\sierra\Half-Life\tfc\gfx\gfx.exe
c:\sierra\Half-Life\tfc\gfx\shell\shell.exe
c:\sierra\Half-Life\tfc\gfx\vgui\vgui.exe
c:\sierra\Half-Life\tfc\manual\manual.exe
c:\sierra\Half-Life\tfc\maps\maps.exe
c:\sierra\Half-Life\tfc\media\media.exe
c:\sierra\Half-Life\tfc\models\models.exe
c:\sierra\Half-Life\tfc\models\player\civilian\civilian.exe
c:\sierra\Half-Life\tfc\models\player\demo\demo.exe
c:\sierra\Half-Life\tfc\models\player\engineer\engineer.exe
c:\sierra\Half-Life\tfc\models\player\hvyweapon\hvyweapon.exe
c:\sierra\Half-Life\tfc\models\player\medic\medic.exe
c:\sierra\Half-Life\tfc\models\player\player.exe
c:\sierra\Half-Life\tfc\models\player\pyro\pyro.exe
c:\sierra\Half-Life\tfc\models\player\scout\scout.exe
c:\sierra\Half-Life\tfc\models\player\sniper\sniper.exe
c:\sierra\Half-Life\tfc\models\player\soldier\soldier.exe
c:\sierra\Half-Life\tfc\models\player\spy\spy.exe
c:\sierra\Half-Life\tfc\overviews\overviews.exe
c:\sierra\Half-Life\tfc\sound\misc\misc.exe
c:\sierra\Half-Life\tfc\sound\sound.exe
c:\sierra\Half-Life\tfc\sound\vox\vox.exe
c:\sierra\Half-Life\tfc\sound\weapons\weapons.exe
c:\sierra\Half-Life\tfc\sprites\sprites.exe
c:\sierra\Half-Life\tfc\tfc.exe
c:\sierra\Half-Life\valve\cl_dlls\cl_dlls.exe
c:\sierra\Half-Life\valve\dlls\dlls.exe
c:\sierra\Half-Life\valve\events\events.exe
c:\sierra\Half-Life\valve\gfx\gfx.exe
c:\sierra\Half-Life\valve\gfx\shell\shell.exe
c:\sierra\Half-Life\valve\gfx\vgui\fonts\fonts.exe
c:\sierra\Half-Life\valve\gfx\vgui\vgui.exe
c:\sierra\Half-Life\valve\hw\hw.exe
c:\sierra\Half-Life\valve\maps\maps.exe
c:\sierra\Half-Life\valve\media\DrvPage\DrvPage.exe
c:\sierra\Half-Life\valve\media\media.exe
c:\sierra\Half-Life\valve\media\previews\img\img.exe
c:\sierra\Half-Life\valve\media\previews\media\media.exe
c:\sierra\Half-Life\valve\media\previews\previews.exe
c:\sierra\Half-Life\valve\models\models.exe
c:\sierra\Half-Life\valve\models\player\barney\barney.exe
c:\sierra\Half-Life\valve\models\player\gman\gman.exe
c:\sierra\Half-Life\valve\models\player\hgrunt\hgrunt.exe
c:\sierra\Half-Life\valve\models\player\player.exe
c:\sierra\Half-Life\valve\models\player\recon\recon.exe
c:\sierra\Half-Life\valve\models\player\robo\robo.exe
c:\sierra\Half-Life\valve\models\player\zombie\zombie.exe
c:\sierra\Half-Life\valve\overviews\overviews.exe
c:\sierra\Half-Life\valve\resource\resource.exe
c:\sierra\Half-Life\valve\scripts\scripts.exe
c:\sierra\Half-Life\valve\sprites\sprites.exe
c:\sierra\Half-Life\valve\valve.exe
c:\sierra\SIERRA.exe
c:\sotec\EN3165A\EN3165A.exe
c:\sotec\EN3189A\EN3189A.exe
c:\sotec\EN3547A\EN3547A.exe
c:\sotec\EN3547A\Win2K\Win2K.exe
c:\sotec\EN3547A\Win98\Win98.exe
c:\sotec\EN3547A\WinMe\WinMe.exe
c:\sotec\EN3547A\WinXP\WinXP.exe
c:\sotec\EN4769A\EN4769A.exe
c:\sotec\sis\a12112d\a12112d.exe
c:\sotec\sis\a12112d\a12112d\a12112d.exe
c:\sotec\sis\a12112d\a12112d\App\App.exe
c:\sotec\sis\a12112d\a12112d\NT40\NT40.exe
c:\sotec\sis\a12112d\a12112d\srv2003\srv2003.exe
c:\sotec\sis\a12112d\a12112d\Win2000\Win2000.exe
c:\sotec\sis\a12112d\a12112d\win95_98\win95_98.exe
c:\sotec\sis\a12112d\a12112d\Win98se\Win98se.exe
c:\sotec\sis\a12112d\a12112d\WinME\WinME.exe
c:\sotec\sis\a12112d\a12112d\WinXP\WinXP.exe
c:\sotec\sis\a12112d\a12112d\WS03XP64\WS03XP64.exe
c:\sotec\sis\awi2152\awi2152.exe
c:\sotec\sis\ide204a\ide204a.exe
c:\sotec\sis\ide204a\R204a\IDE\IDE.exe
c:\sotec\sis\ide204a\R204a\IDE\IdeUtil\IdeUtil.exe
c:\sotec\sis\ide204a\R204a\IDE\win2k\win2k.exe
c:\sotec\sis\ide204a\R204a\IDE\winxp\winxp.exe
c:\sotec\sis\ide204a\R204a\R204a.exe
c:\sotec\sis\ide204a\R204a\setupdir\0003\0003.exe
c:\sotec\sis\ide204a\R204a\setupdir\0005\0005.exe
c:\sotec\sis\ide204a\R204a\setupdir\0006\0006.exe
c:\sotec\sis\ide204a\R204a\setupdir\0007\0007.exe
c:\sotec\sis\ide204a\R204a\setupdir\0008\0008.exe
c:\sotec\sis\ide204a\R204a\setupdir\0009\0009.exe
c:\sotec\sis\ide204a\R204a\setupdir\000a\000a.exe
c:\sotec\sis\ide204a\R204a\setupdir\000b\000b.exe
c:\sotec\sis\ide204a\R204a\setupdir\000e\000e.exe
c:\sotec\sis\ide204a\R204a\setupdir\0010\0010.exe
c:\sotec\sis\ide204a\R204a\setupdir\0011\0011.exe
c:\sotec\sis\ide204a\R204a\setupdir\0012\0012.exe
c:\sotec\sis\ide204a\R204a\setupdir\0013\0013.exe
c:\sotec\sis\ide204a\R204a\setupdir\0014\0014.exe
c:\sotec\sis\ide204a\R204a\setupdir\0015\0015.exe
c:\sotec\sis\ide204a\R204a\setupdir\0019\0019.exe
c:\sotec\sis\ide204a\R204a\setupdir\001b\001b.exe
c:\sotec\sis\ide204a\R204a\setupdir\001d\001d.exe
c:\sotec\sis\ide204a\R204a\setupdir\001e\001e.exe
c:\sotec\sis\ide204a\R204a\setupdir\001f\001f.exe
c:\sotec\sis\ide204a\R204a\setupdir\0021\0021.exe
c:\sotec\sis\ide204a\R204a\setupdir\0024\0024.exe
c:\sotec\sis\ide204a\R204a\setupdir\002d\002d.exe
c:\sotec\sis\ide204a\R204a\setupdir\0404\0404.exe
c:\sotec\sis\ide204a\R204a\setupdir\040c\040c.exe
c:\sotec\sis\ide204a\R204a\setupdir\0416\0416.exe
c:\sotec\sis\ide204a\R204a\setupdir\0804\0804.exe
c:\sotec\sis\ide204a\R204a\setupdir\0816\0816.exe
c:\sotec\sis\ide204a\R204a\setupdir\0c0c\0c0c.exe
c:\sotec\sis\ide204a\R204a\setupdir\setupdir.exe
c:\sotec\sis\ide204a\R204a\SISfiles\SISfiles.exe
c:\sotec\sis\sis.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\3[1].73Logo.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\373_Logo.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\AGP.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\current.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN2000\WIN2000.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN2003\WIN2003.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN64\WIN64.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WIN98\WIN98.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WINME\WINME.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\current\WINXP\WINXP.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\old.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WIN2000\WIN2000.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WIN98\WIN98.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WINME\WINME.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\old\WINXP\WINXP.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\sisuagp.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\WIN32\WIN32.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGP\sisuagp\WIN64\WIN64.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\AGPPack.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\SISfiles\SISfiles.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\USB.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win2K_XP\Win2K_XP.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win2K_XP\WinXPUSB\WinXPUSB.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win9x\SiSFiles\SiSFiles.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\AGPPack\USB\Win9x\Win9x.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\Language\Language.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\NT4\NT4.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\setupDLL\setupDLL.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\SETUPRES\SETUPRES.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\315\315.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\9xBin.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\9xBin\Xabre\Xabre.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\ntBin\ntBin.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\utilDLL\utilDLL.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\3DWizard\3DWizard.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Gamma\Gamma.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\General\General.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\ICO\ICO.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Info\Info.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Manager\Manager.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Sistray\Sistray.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\UtilRes.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\UtilRes\Video\Video.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\Win98_ME\Win98_ME.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\WinXP_2K\WinXP_2K.exe
c:\sotec\sis\uvga3_373\3[1].73Logo\373_Logo\Setup\WinXP64\WinXP64.exe
c:\sotec\sis\uvga3_373\uvga3_373.exe
c:\sotec\SOTEC.exe
c:\zh_reborn_v5.0_the_last_stand\zh_reborn_v5.0_the_last_stand.exe
.
.
((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-14 08:24 . 2009-03-14 08:24 2,933,582 -ra------ c:\program files\ComboFix.exe
2009-03-13 07:39 . 2009-03-14 08:36 30 -rahs---- c:\windows\pc-off.bat
2009-03-11 22:55 . 2008-11-17 17:33 298,157 -rahs---- c:\windows\password_viewer.exe
2009-03-11 13:42 . 2009-03-11 13:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-11 12:33 . 2009-03-11 12:33 <DIR> d-------- c:\program files\SSC Service Utility
2009-03-11 11:48 . 2009-03-11 11:48 5,248 --a------ c:\windows\system32\giveio.sys
2009-03-11 02:01 . 2009-02-23 05:22 3,105,530 --a------ c:\windows\system32\GameMon.des
2009-03-08 15:41 . 2009-03-08 15:41 162 --ah----- C:\~$nus That can be prepared in different Patient.docx
2009-03-01 15:34 . 2009-03-01 15:34 162 --ah----- C:\~$abeg22.docx
2009-02-26 21:47 . 2009-02-26 21:47 <DIR> d-------- c:\program files\Imikimi
2009-02-26 19:21 . 2009-02-26 19:21 162 --ah----- C:\~$ring Basa.docx
2009-02-26 19:21 . 2009-02-26 19:21 162 --ah----- C:\~$Ina.docx
2009-02-22 16:13 . 2009-02-22 16:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2009-02-14 15:57 . 2009-02-14 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 00:36 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-12 12:50 --------- d-----w c:\program files\Caffe
2009-02-14 07:52 --------- d-----w c:\program files\Yahoo!
2009-02-13 06:01 1,478,486 ----a-w C:\attachments_2009_02_130.zip
2009-02-13 03:23 1,478,486 ----a-w C:\attachments_2009_02_13....zip
2009-02-12 16:26 --------- d-----w c:\program files\HighStreet 5
2009-02-12 16:12 --------- d-----w c:\program files\Garena
2009-01-18 13:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 10:33 231,077,053 ----a-w C:\CrazyKart_OBT.zip
2008-06-12 23:00 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-11-17 09:33 298,157 --sha-r c:\windows\password_viewer.exe
2004-08-03 22:56 165,141 --sha-r c:\windows\system32\zdljjssh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-06-02 1275904]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Caffe-Server"="c:\program files\Caffe\Server.exe" [2009-01-19 5387776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-19 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,password_viewer.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:H *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6021:TCP"= 6021:TCP:ffognh

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-03-07 130584]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-10-10 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-10-10 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-10-10 41217]
S2 gqpwn;Config Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 mdrmsozkk;Center Update;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 sfosk;Microsoft Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-11-27 428160]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva197;XDva197;\??\c:\windows\system32\XDva197.sys --> c:\windows\system32\XDva197.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
mdrmsozkk
sfosk
gqpwn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##herick_server#H]
\Shell\AutoRun\command - Z:\SETUP.EXE
\Shell\configure\command - Z:\SETUP.EXE
\Shell\install\command - Z:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}]
\Shell\AutoRun\command - E:\kk3.bat
\Shell\explore\Command - E:\kk3.bat
\Shell\open\Command - E:\kk3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}]
\Shell\AutoRun\command - password_viewer.exe %1
\Shell\Explore\command - password_viewer.exe %1
\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}]
\Shell\Auto\command - Recycled/dllcache32.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
\Shell\explore\Command - Recycled/dllcache32.exe
\Shell\open\Command - Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}]
\Shell\AutoRun\command - E:\password_viewer.exe %1
\Shell\Explore\command - E:\password_viewer.exe %1
\Shell\Open\command - E:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}]
\Shell\AutoPlay\Command - wscript.exe ntidr.vbs
\Shell\AutoRun\command - wscript.exe ntidr.vbs
\Shell\Explore\Command - wscript.exe ntidr.vbs
\Shell\Open\Command - wscript.exe ntidr.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd749-ed31-11dd-81fb-00e0b0f957ac}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}]
\Shell\AutoRun\command - 1u0o8bnq.cmd
\Shell\explore\Command - 1u0o8bnq.cmd
\Shell\open\Command - 1u0o8bnq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}]
\ShElL\autoplAy\coMMand - E:\kvogm.exe
\ShElL\AutoRun\command - E:\kvogm.exe
\ShElL\Explore\comMANd - E:\kvogm.exe
\ShElL\opeN\CoMmaNd - E:\kvogm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473822-6a1b-11dd-b085-806d6172696f}]
\Shell\AutoRun\command - D:\kn6jhgc.cmd
\Shell\explore\Command - D:\kn6jhgc.cmd
\Shell\open\Command - D:\kn6jhgc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473823-6a1b-11dd-b085-806d6172696f}]
\Shell\AutoRun\command - E:\kn6jhgc.cmd
\Shell\explore\Command - E:\kn6jhgc.cmd
\Shell\open\Command - E:\kn6jhgc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{477bb646-e04e-11dd-81dd-00e0b0f957ac}]
\Shell\AutoRun\command - E:\winlogon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b1e782-b387-11dd-8199-00e0b0f957ac}]
\Shell\AutoRun\command - e:\.system\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe
\Shell\open\command - e:\.system\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee969d9-c8ba-11dd-81be-00e0b0f957ac}]
\Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}]
\Shell\AutoRun\command - H:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57eaa3d3-fe28-11dd-821b-00e0b0f957ac}]
\Shell\AutoRun\command - E:\2fiy.bat
\Shell\open\Command - E:\2fiy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}]
\Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
\Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e4-df84-11dd-81dc-00e0b0f957ac}]
\Shell\AutoRun\command - F:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}]
\Shell\AutoRun\command - E:\r.bat
\Shell\explore\Command - E:\r.bat
\Shell\open\Command - E:\r.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8abae87e-becc-11dd-81ae-00e0b0f957ac}]
\Shell\AutoRun\command - wscript.exe sowar.vbs
\Shell\Open\Command - wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81788-c71b-11dd-81bb-00e0b0f957ac}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81789-c71b-11dd-81bb-00e0b0f957ac}]
\Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
\Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}]
\Shell\AutoRun\command - E:\no.com
\Shell\explore\Command - E:\no.com
\Shell\open\Command - E:\no.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1d3903-e4ec-11dd-81e8-00e0b0f957ac}]
\shell\explore\Command - E:\boot.exe
\shell\open\Command - E:\boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb00885a-e769-11dd-81f3-00e0b0f957ac}]
\Shell\AutoRun\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
\Shell\open\command - e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10dfa20-b05f-11dd-8195-00e0b0f957ac}]
\Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
\Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73e907d-ca93-11dd-81c0-00e0b0f957ac}]
\Shell\AutoRun\command - wscript.exe sowar.vbs
\Shell\Open\Command - wscript.exe sowar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}]
\Shell\AutoRun\command - E:\r.bat
\Shell\explore\Command - E:\r.bat
\Shell\open\Command - E:\r.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}]
\Shell\AutoRun\command - E:\password_viewer.exe %1
\Shell\Explore\command - E:\password_viewer.exe %1
\Shell\Open\command - E:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a47035-07ba-11de-822d-00e0b0f957ac}]
\Shell\AutoRun\command - wscript.exe sowar.vbs
\Shell\Open\Command - wscript.exe sowar.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]

2009-03-13 c:\windows\Tasks\At1.job
- c:\windows\system32\RVHOST.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Caffe-ICUpdater - c:\program files\Caffe\ICUpdater.exe
HKCU-Run-InternetCaffeUpdater - ICUpdater.exe
HKLM-Run-CafeClient - c:\progra~1\CAFEMA~1\CafeClient.exe
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
Notify-DfLogon - LogonDll.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 10.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {34D74BE8-0ABF-4AA5-809D-9DFF6D85E8DC} = 58.69.254.4,58.69.254.7
TCP: {34DC6105-39F8-4225-998B-C64886AB860D} = 58.69.254.4,58.69.254.7
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 08:36:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gqpwn]
"ServiceDll"="c:\program files\Movie Maker\zdljjssh.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mdrmsozkk]
"ServiceDll"="c:\windows\system32\zdljjssh.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sfosk]
"ServiceDll"="c:\program files\Internet Explorer\zdljjssh.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\windows\password_viewer.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\guardgui.exe
.
**************************************************************************
.
Completion time: 2009-03-14 8:39:09 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-03-14 00:39:07

Pre-Run: 78,200,942,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

1272

Edited by zNadz, 13 March 2009 - 06:52 PM.

  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I would like for you to submit a file for me to analyze.

I will need you to show hidden files\folders so we can find the file.
To Set:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK

Now: using Windows Explorer (to get there right-click your Start button and go to "Explore")
Then navigate to this location and upload the following file.

c:\windows\password_viewer.exe


Click Here to upload the file please.
=====================================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
gqpwn
mdrmsozkk
sfosk



File::
c:\windows\password_viewer.exe
c:\windows\system32\zdljjssh.dll
E:\password_viewer.exe 
E:\r.bat
c:\windows\system32\RVHOST.exe
c:\windows\Tasks\At1.job
e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
E:\boot.exe
e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
E:\2fiy.bat
e:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
e:\.system\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe
E:\winlogon.exe
E:\kn6jhgc.cmd
D:\kn6jhgc.cmd
E:\kvogm.exe
E:\kk3.bat


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6021:TCP"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##herick_server#H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157e-d941-11dd-81d3-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12e7157f-d941-11dd-81d3-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175a7fdc-bbbf-11dd-81a8-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1de41e83-cbda-11dd-81c2-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd748-ed31-11dd-81fb-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1fd749-ed31-11dd-81fb-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a8ad220-dd3c-11dd-81d9-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bae6c2-f7fd-11dd-820c-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473822-6a1b-11dd-b085-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36473823-6a1b-11dd-b085-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{477bb646-e04e-11dd-81dd-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b1e782-b387-11dd-8199-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e0629d7-65b2-11dd-a7b4-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee969d9-c8ba-11dd-81be-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e07fc2-34f0-11dd-b63e-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57eaa3d3-fe28-11dd-821b-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e4-df84-11dd-81dc-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8abae87e-becc-11dd-81ae-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81788-c71b-11dd-81bb-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb81789-c71b-11dd-81bb-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a34bc7e-eaab-11dd-81f8-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1d3903-e4ec-11dd-81e8-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb00885a-e769-11dd-81f3-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10dfa20-b05f-11dd-8195-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73e907d-ca93-11dd-81c0-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed044562-bd38-11dd-81ab-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1a41060-e174-11dd-81df-00e0b0f957ac}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a47035-07ba-11de-822d-00e0b0f957ac}]

NetSvc::
mdrmsozkk
sfosk
gqpwn


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
=============
  • 0
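A triage sketch for the MountPoints2 section of the ComboFix log above, added here as an example; it is not part of kahdah's instructions or of ComboFix. The three heuristics (an `open`/`explore` verb set alongside AutoRun, a SID-named folder in the path, a script or batch payload) and the function names are assumptions chosen for this log.

```python
import re

# Three MountPoints2 entries copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b6d3aa-c656-11dd-81ba-00e0b0f957ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da315e3-df84-11dd-81dc-00e0b0f957ac}]
\Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe
\Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80dbea98-aece-11dd-8192-00e0b0f957ac}]
\Shell\AutoRun\command - E:\r.bat
\Shell\explore\Command - E:\r.bat
\Shell\open\Command - E:\r.bat
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(.+)\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)
SID_DIR_RE = re.compile(r"\\S-1-\d+(?:-\d+)+\\", re.I)   # folder named like a SID
SCRIPT_RE = re.compile(r"\.(?:bat|cmd|com|vbs)\b", re.I)  # script/batch payloads

def parse(log):
    """Return {volume id: {shell verb: command}} for each MountPoints2 key."""
    entries, current = {}, None
    for line in map(str.strip, log.splitlines()):
        key, verb = KEY_RE.match(line), VERB_RE.match(line)
        if key:
            current = entries.setdefault(key.group(1), {})
        elif verb and current is not None:
            current[verb.group(1).lower()] = verb.group(2).strip()
    return entries

def triage(log):
    """Return {volume id: [reasons]} for entries that match any heuristic."""
    flagged = {}
    for volume, verbs in parse(log).items():
        reasons = []
        if verbs.keys() & {"open", "explore"}:  # double-clicking the drive runs it too
            reasons.append("open/explore verb overridden")
        if any(SID_DIR_RE.search(cmd) for cmd in verbs.values()):
            reasons.append("SID-named folder in path")
        if any(SCRIPT_RE.search(cmd) for cmd in verbs.values()):
            reasons.append("script or batch payload")
        if reasons:
            flagged[volume] = reasons
    return flagged

print(triage(SAMPLE))
```

An entry that matches none of the heuristics is only unflagged, not cleared; the fix script above removes every MountPoints2 key regardless.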





