[code]
OTS logfile created on: 1/10/2010 10:10:27 PM - Run 2
OTS by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Bruche\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 540.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 7.45 Gb Free Space | 5.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRUCHEACER
Current User Name: Bruche
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/01/06 22:59:22 | 00,307,672 | ---- | M] (Mozilla Corporation)
avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2009/12/31 11:50:12 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
rtkbtmnt.exe -> C:\Documents and Settings\Bruche\Local Settings\Temp\RtkBtMnt.exe -> [2009/12/25 13:08:27 | 00,212,992 | ---- | M] (Realtek Semiconductor Corp.)
ots.exe -> C:\Documents and Settings\Bruche\Desktop\OTS.exe -> [2009/12/25 11:40:25 | 00,599,552 | ---- | M] (OldTimer Tools)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2009/12/12 16:34:55 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2009/12/12 16:34:53 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2009/11/30 16:54:09 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2009/11/30 16:54:04 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG9\avgemc.exe -> [2009/11/30 16:53:57 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/30 16:53:54 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/05 16:29:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2008/12/30 16:58:28 | 18,082,304 | ---- | M] (Realtek Semiconductor Corp.)
wincinemamgr.exe -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe -> [2008/06/04 21:10:02 | 00,114,688 | ---- | M] (InterVideo Inc.)
qtzgacer.exe -> C:\Program Files\Launch Manager\QtZgAcer.EXE -> [2008/05/13 22:14:34 | 00,821,768 | ---- | M] (Dritek System Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2008/04/25 11:32:08 | 01,044,480 | ---- | M] (Synaptics, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 15:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
igfxtray.exe -> C:\WINDOWS\system32\igfxtray.exe -> [2008/02/28 17:00:20 | 00,141,848 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> [2008/02/28 17:00:16 | 00,256,536 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> [2008/02/28 17:00:14 | 00,137,752 | ---- | M] (Intel Corporation)
igfxext.exe -> C:\WINDOWS\system32\igfxext.exe -> [2008/02/28 17:00:10 | 00,170,520 | ---- | M] (Intel Corporation)
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> [2008/02/28 17:00:04 | 00,166,424 | ---- | M] (Intel Corporation)
iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:52 | 00,112,152 | R--- | M] (InterVideo)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Bruche\Desktop\OTS.exe -> [2009/12/25 11:40:25 | 00,599,552 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(avg9emc) AVG Free E-mail Scanner [Auto | Running] -> C:\Program Files\AVG\AVG9\avgemc.exe -> [2009/11/30 16:53:57 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/30 16:53:54 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/05 16:29:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2009/02/18 17:21:00 | 02,769,658 | ---- | M] (INCA Internet Co., Ltd.)
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:52 | 00,112,152 | R--- | M] (InterVideo)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)

[Driver Services - Safe List]
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/11/30 16:54:29 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/11/30 16:54:29 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/11/30 16:54:29 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/01/06 21:00:08 | 04,968,448 | ---- | M] (Realtek Semiconductor Corp.)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtenicxp.sys -> [2008/10/30 23:14:20 | 00,117,888 | ---- | M] (Realtek Semiconductor Corporation )
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\athw.sys -> [2008/08/20 22:47:46 | 01,318,464 | ---- | M] (Atheros Communications, Inc.)
(M3000Srv) Acer Crystal Eye webcam Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\M3000KNT.sys -> [2008/08/06 15:54:14 | 00,151,936 | ---- | M] ()
(JMCR) JMCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\jmcr.sys -> [2008/07/08 12:16:26 | 00,096,856 | ---- | M] (JMicron Technology Corporation)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2008/04/25 11:17:10 | 00,225,024 | ---- | M] (Synaptics, Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 15:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/14 15:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2008/04/14 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2008/02/15 15:12:06 | 05,854,752 | ---- | M] (Intel Corporation)
(int15.sys) int15.sys [Kernel | On_Demand | Stopped] -> C:\Acer\Empowering Technology\eRecovery\int15.sys -> [2005/01/13 13:46:16 | 00,069,632 | ---- | M] ()
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\npptNT2.sys -> [2005/01/04 04:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\DKbFltr.SYS -> [2004/12/08 01:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aoa150 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://aimzones.aol.com/homepage ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Bruche\Application Data\Mozilla\FireFox\Profiles\rep0n4jq.default\prefs.js ->
browser.search.defaultenginename -> "AIM Search" ->
browser.search.defaulturl -> "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" ->
browser.search.selectedEngine -> "AIM Search" ->
browser.search.suggest.enabled -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://baka-updates.com/releases/index/filter/Fansub" ->
extensions.enabledItems -> YoutubeDownloader@PeterOlayev.com:1.0 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 ->
keyword.URL -> "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG9\Firefox [C:\PROGRAM FILES\AVG\AVG9\FIREFOX] -> [2009/12/13 22:46:25 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/06 22:59:32 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/06 22:59:32 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Bruche\Application Data\Mozilla\Extensions -> [2009/05/26 22:44:56 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Bruche\Application Data\Mozilla\Extensions\mozswing@mozswing.org -> [2009/05/26 22:44:56 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Bruche\Application Data\Mozilla\Firefox\Profiles\rep0n4jq.default\extensions -> [2010/01/08 15:54:10 | 00,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Bruche\Application Data\Mozilla\Firefox\Profiles\rep0n4jq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/10/14 20:50:32 | 00,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Bruche\Application Data\Mozilla\Firefox\Profiles\rep0n4jq.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} -> [2009/09/07 19:16:06 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Bruche\Application Data\Mozilla\Firefox\Profiles\rep0n4jq.default\extensions\YoutubeDownloader@PeterOlayev.com -> [2009/10/29 11:44:55 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
MySpace.xml -> C:\Documents and Settings\Bruche\Application Data\Mozilla\Firefox\Profiles\rep0n4jq.default\searchplugins\MySpace.xml -> [2009/08/26 18:40:48 | 00,002,158 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/09 15:54:57 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/12 01:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/05/26 18:41:16 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/12/12 16:34:51 | 01,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/05/05 16:29:04 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 18:20:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2009/12/31 11:50:12 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"AzMixerSel" -> C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe] -> [2006/07/18 00:40:30 | 00,053,248 | ---- | M] (Realtek Semiconductor Corp.)
"eRecoveryService" -> C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [C:\Acer\Empowering Technology\eRecovery\eRAgent.exe] -> [2008/09/03 21:46:04 | 00,425,984 | ---- | M] (Acer Inc.)
"HotKeysCmds" -> C:\WINDOWS\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2008/02/28 17:00:04 | 00,166,424 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2008/02/28 17:00:20 | 00,141,848 | ---- | M] (Intel Corporation)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2008/04/14 15:00:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"LaunchApp" -> C:\WINDOWS\Alaunch.exe [Alaunch] -> [2006/03/16 15:56:22 | 00,524,288 | ---- | M] (Acer Inc.)
"LManager" -> C:\Program Files\Launch Manager\QtZgAcer.EXE [C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE] -> [2008/05/13 22:14:34 | 00,821,768 | ---- | M] (Dritek System Inc.)
"M3000Mnt" -> [Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt] -> File not found
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2008/04/14 15:00:00 | 00,059,392 | ---- | M] ()
"Persistence" -> C:\WINDOWS\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2008/02/28 17:00:14 | 00,137,752 | ---- | M] (Intel Corporation)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2008/04/14 15:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2008/04/14 15:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.EXE [RTHDCPL.EXE] -> [2008/12/30 16:58:28 | 18,082,304 | ---- | M] (Realtek Semiconductor Corp.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008/04/25 11:32:08 | 01,044,480 | ---- | M] (Synaptics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Desktop Software" -> C:\Program Files\Common Files\SupportSoft\bin\bcont.exe ["C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden] -> File not found
"Google Update" -> C:\Documents and Settings\Bruche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Bruche\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2009/12/29 17:40:01 | 00,135,664 | ---- | M] (Google Inc.)
"PlayNC Launcher" -> [] -> File not found
"Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2009/05/26 18:41:16 | 24,264,488 | R--- | M] (Skype Technologies S.A.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe -> [2008/06/04 21:10:02 | 00,114,688 | ---- | M] (InterVideo Inc.)
< Bruche Startup Folder > -> C:\Documents and Settings\Bruche\Start Menu\Programs\Startup ->
C:\Documents and Settings\Bruche\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
C:\Documents and Settings\Bruche\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2008/12/15 12:40:44 | 00,384,000 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2008/12/03 01:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2008/12/03 01:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2010/01/06 11:19:54 | 00,562,968 | ---- | M] (PokerStars)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/05/26 18:41:16 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2008/12/03 01:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2010/01/06 11:19:54 | 00,562,968 | ---- | M] (PokerStars)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/05/26 18:41:16 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.87.68.166 68.87.74.166 192.168.1.1 68.87.68.166 68.87.74.166 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{8BD65950-8390-47C1-B1AF-DC316B3CAFBD}\\DhcpNameServer -> 68.87.68.166 68.87.74.166 192.168.1.1 68.87.68.166 68.87.74.166 (Atheros AR5007EG Wireless Network Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 15:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/11/30 16:54:14 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2008/02/15 14:45:40 | 00,208,896 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" -> C:\Program Files\NCsoft\Exteel\System\Exteel.exe [C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel] -> File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2008/12/03 00:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2008/12/03 00:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" -> C:\Program Files\AVG\AVG9\avgemc.exe [C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/11/30 16:53:57 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" -> C:\Program Files\AVG\AVG9\avgnsx.exe [C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/12/12 16:34:53 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" -> C:\Program Files\AVG\AVG9\avgupd.exe [C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/12 16:31:02 | 01,007,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2009/05/22 09:57:15 | 00,139,776 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/01/06 22:59:22 | 00,307,672 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger] -> File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" -> C:\Program Files\NCsoft\Exteel\System\Exteel.exe [C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/05/26 18:41:16 | 24,264,488 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/07/26 19:33:09 | 00,288,048 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2008/12/03 00:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2008/12/03 00:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" -> C:\Program Files\World of Warcraft\Launcher.exe [C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher] -> [2009/06/02 16:52:42 | 03,798,624 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/06/02 16:57:07 | 02,232,832 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2009/06/03 00:05:23 | 02,173,808 | ---- | M] (Blizzard Entertainment)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/20 13:11:40 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{ae3907b9-4489-11de-8d80-00242b8cea8f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae3907b9-4489-11de-8d80-00242b8cea8f}\Shell\AutoRun\command
\{ae3907b9-4489-11de-8d80-00242b8cea8f}\Shell\AutoRun\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe] -> File not found
\{ae3907b9-4489-11de-8d80-00242b8cea8f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae3907b9-4489-11de-8d80-00242b8cea8f}\Shell\open\command
\{ae3907b9-4489-11de-8d80-00242b8cea8f}\Shell\open\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Files/Folders - Created Within 30 Days]
PokerStars -> C:\Program Files\PokerStars -> [2010/01/06 11:19:39 | 00,000,000 | ---D | C]
PokerStarsInstall.exe -> C:\Documents and Settings\Bruche\Desktop\PokerStarsInstall.exe -> [2010/01/06 11:15:51 | 09,749,984 | ---- | C] (PokerStars)
Temp -> C:\Documents and Settings\Bruche\Local Settings\Application Data\Temp -> [2009/12/29 17:40:15 | 00,000,000 | ---D | C]
ChromeSetup.exe -> C:\Documents and Settings\Bruche\Desktop\ChromeSetup.exe -> [2009/12/29 17:39:41 | 00,563,864 | ---- | C] (Google Inc.)
Malwarebytes -> C:\Documents and Settings\Bruche\Application Data\Malwarebytes -> [2009/12/25 13:17:27 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/25 13:17:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/25 13:17:17 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/25 13:17:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/25 13:17:16 | 00,000,000 | ---D | C]
avenger -> C:\Documents and Settings\Bruche\Desktop\avenger -> [2009/12/25 13:02:44 | 00,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2009/12/25 11:41:14 | 00,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Bruche\Desktop\OTS.exe -> [2009/12/25 11:40:24 | 00,599,552 | ---- | C] (OldTimer Tools)
MFC71.dll -> C:\WINDOWS\System32\MFC71.dll -> [2009/12/25 05:37:46 | 01,060,864 | ---- | C] (Microsoft Corporation)
MSVCP71.dll -> C:\WINDOWS\System32\MSVCP71.dll -> [2009/12/25 05:37:46 | 00,499,712 | ---- | C] (Microsoft Corporation)
Alwil Software -> C:\Program Files\Alwil Software -> [2009/12/25 05:37:42 | 00,000,000 | ---D | C]
Panda Security -> C:\Program Files\Panda Security -> [2009/12/25 05:25:12 | 00,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2009/12/25 04:34:07 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2009/12/25 04:33:53 | 00,000,000 | ---D | C]
TFC.exe -> C:\Documents and Settings\Bruche\Desktop\TFC.exe -> [2009/12/25 04:15:57 | 00,410,624 | ---- | C] (OldTimer Tools)
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/12/24 13:23:30 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/12/24 13:20:48 | 00,000,000 | ---D | M]
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/24 13:11:58 | 00,056,816 | ---- | C] (Avira GmbH)
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/11/30 16:51:03 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/11/30 16:51:03 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/30 16:51:03 | 00,000,000 | ---D | M]
SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/05/05 05:11:02 | 00,000,000 | ---D | M]
drvc.dll -> C:\WINDOWS\System32\drvc.dll -> [2004/11/24 14:25:52 | 00,335,872 | ---- | C] ( )

[Files/Folders - Modified Within 30 Days]
prvlcl.dat -> C:\Documents and Settings\Bruche\Local Settings\Application Data\prvlcl.dat -> [2010/01/10 22:14:36 | 00,000,000 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/01/10 22:09:53 | 00,443,034 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/01/10 22:09:52 | 00,072,134 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/01/10 22:09:51 | 00,524,016 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/10 22:05:19 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/10 22:04:58 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/01/10 22:04:51 | 10,611,05664 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\Bruche\ntuser.dat -> [2010/01/10 22:00:53 | 03,194,880 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Bruche\ntuser.ini -> [2010/01/10 22:00:53 | 00,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Bruche\Local Settings\Application Data\IconCache.db -> [2010/01/10 22:00:19 | 03,776,428 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Bruche\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/01/10 21:53:09 | 00,044,032 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006UA.job -> [2010/01/10 21:45:16 | 00,000,982 | ---- | M] ()
[T-N]Kamen_Rider_W_16SD[8633796B].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_16SD[8633796B].avi.torrent -> [2010/01/10 21:23:04 | 00,018,947 | ---- | M] ()
[T-N]Kamen_Rider_W_15SD[8E452B7B].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_15SD[8E452B7B].avi.torrent -> [2010/01/10 21:23:01 | 00,018,907 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/10 20:42:17 | 47,690,391 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/10 20:41:39 | 00,137,429 | ---- | M] ()
logo_120.jpg -> C:\Documents and Settings\Bruche\Desktop\logo_120.jpg -> [2010/01/08 11:28:00 | 00,014,458 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006Core.job -> [2010/01/07 17:45:01 | 00,000,930 | ---- | M] ()
logo.zip -> C:\Documents and Settings\Bruche\Desktop\logo.zip -> [2010/01/07 14:26:58 | 00,121,511 | ---- | M] ()
l_0f9cc11336e7dad2d9be7fa5e95615fb.jpg -> C:\Documents and Settings\Bruche\Desktop\l_0f9cc11336e7dad2d9be7fa5e95615fb.jpg -> [2010/01/07 14:07:45 | 00,007,547 | ---- | M] ()
PokerStars.lnk -> C:\Documents and Settings\All Users\Desktop\PokerStars.lnk -> [2010/01/06 11:20:01 | 00,000,740 | ---- | M] ()
PokerStarsInstall.exe -> C:\Documents and Settings\Bruche\Desktop\PokerStarsInstall.exe -> [2010/01/06 11:18:52 | 09,749,984 | ---- | M] (PokerStars)
gmer.zip -> C:\Documents and Settings\Bruche\Desktop\gmer.zip -> [2009/12/30 16:12:14 | 00,284,915 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Bruche\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/30 16:04:45 | 00,063,936 | ---- | M] ()
Google Chrome.lnk -> C:\Documents and Settings\Bruche\Desktop\Google Chrome.lnk -> [2009/12/29 17:42:37 | 00,002,297 | ---- | M] ()
ChromeSetup.exe -> C:\Documents and Settings\Bruche\Desktop\ChromeSetup.exe -> [2009/12/29 17:39:43 | 00,563,864 | ---- | M] (Google Inc.)
atapi.sys -> C:\WINDOWS\System32\dllcache\atapi.sys -> [2009/12/27 01:50:03 | 00,096,512 | ---- | M] (Microsoft Corporation)
immaletyoufinish.m4r -> C:\Documents and Settings\Bruche\Desktop\immaletyoufinish.m4r -> [2009/12/27 00:57:43 | 00,832,868 | ---- | M] ()
[T-N]Kamen_Rider_W_14SD[5ED1F08E].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_14SD[5ED1F08E].avi.torrent -> [2009/12/25 15:32:11 | 00,018,967 | ---- | M] ()
[T-N]Gosei_Sentai_DaiRanger_01[2D9009A1]DVD.avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Gosei_Sentai_DaiRanger_01[2D9009A1]DVD.avi.torrent -> [2009/12/25 14:12:49 | 00,019,877 | ---- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/12/25 13:36:15 | 00,002,577 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/25 13:17:23 | 00,000,700 | ---- | M] ()
srcr.dat -> C:\WINDOWS\System32\srcr.dat -> [2009/12/25 11:45:17 | 00,000,203 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Bruche\Desktop\OTS.exe -> [2009/12/25 11:40:25 | 00,599,552 | ---- | M] (OldTimer Tools)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/25 11:26:36 | 00,264,616 | ---- | M] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Bruche\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/25 05:02:14 | 00,000,771 | ---- | M] ()
TFC.exe -> C:\Documents and Settings\Bruche\Desktop\TFC.exe -> [2009/12/25 04:15:58 | 00,410,624 | ---- | M] (OldTimer Tools)
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/12/25 00:35:52 | 00,000,664 | ---- | M] ()
System Restore.lnk -> C:\Documents and Settings\Bruche\Desktop\System Restore.lnk -> [2009/12/24 22:00:56 | 00,001,620 | ---- | M] ()
sysReserve.ini -> C:\Documents and Settings\All Users\Application Data\sysReserve.ini -> [2009/12/24 20:46:18 | 00,000,008 | ---- | M] ()
6 C:\Documents and Settings\Bruche\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Bruche\Local Settings\Temp\*.tmp ->
6 C:\Documents and Settings\Bruche\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Bruche\Local Settings\Temp\*.tmp ->
2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->

[Files - No Company Name]
[T-N]Kamen_Rider_W_16SD[8633796B].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_16SD[8633796B].avi.torrent -> [2010/01/10 21:23:02 | 00,018,947 | ---- | C] ()
[T-N]Kamen_Rider_W_15SD[8E452B7B].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_15SD[8E452B7B].avi.torrent -> [2010/01/10 21:22:58 | 00,018,907 | ---- | C] ()
logo_120.jpg -> C:\Documents and Settings\Bruche\Desktop\logo_120.jpg -> [2010/01/07 14:27:14 | 00,014,458 | ---- | C] ()
logo.zip -> C:\Documents and Settings\Bruche\Desktop\logo.zip -> [2010/01/07 14:26:57 | 00,121,511 | ---- | C] ()
l_0f9cc11336e7dad2d9be7fa5e95615fb.jpg -> C:\Documents and Settings\Bruche\Desktop\l_0f9cc11336e7dad2d9be7fa5e95615fb.jpg -> [2010/01/07 14:07:42 | 00,007,547 | ---- | C] ()
PokerStars.lnk -> C:\Documents and Settings\All Users\Desktop\PokerStars.lnk -> [2010/01/06 11:20:01 | 00,000,740 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/12/30 16:27:51 | 10,611,05664 | -HS- | C] ()
gmer.zip -> C:\Documents and Settings\Bruche\Desktop\gmer.zip -> [2009/12/30 16:12:12 | 00,284,915 | ---- | C] ()
Google Chrome.lnk -> C:\Documents and Settings\Bruche\Desktop\Google Chrome.lnk -> [2009/12/29 17:42:37 | 00,002,297 | ---- | C] ()
GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006UA.job -> [2009/12/29 17:40:12 | 00,000,982 | ---- | C] ()
GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-312922198-1829784181-2104353545-1006Core.job -> [2009/12/29 17:40:08 | 00,000,930 | ---- | C] ()
immaletyoufinish.m4r -> C:\Documents and Settings\Bruche\Desktop\immaletyoufinish.m4r -> [2009/12/27 00:57:42 | 00,832,868 | ---- | C] ()
[T-N]Kamen_Rider_W_14SD[5ED1F08E].avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Kamen_Rider_W_14SD[5ED1F08E].avi.torrent -> [2009/12/25 15:32:09 | 00,018,967 | ---- | C] ()
[T-N]Gosei_Sentai_DaiRanger_01[2D9009A1]DVD.avi.torrent -> C:\Documents and Settings\Bruche\Desktop\[T-N]Gosei_Sentai_DaiRanger_01[2D9009A1]DVD.avi.torrent -> [2009/12/25 14:12:44 | 00,019,877 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/25 13:17:23 | 00,000,700 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Bruche\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/25 04:33:56 | 00,000,771 | ---- | C] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/12/25 00:33:30 | 00,000,664 | ---- | C] ()
srcr.dat -> C:\WINDOWS\System32\srcr.dat -> [2009/12/24 20:47:56 | 00,000,203 | ---- | C] ()
sysReserve.ini -> C:\Documents and Settings\All Users\Application Data\sysReserve.ini -> [2009/12/24 20:46:18 | 00,000,008 | ---- | C] ()
prvlcl.dat -> C:\Documents and Settings\Bruche\Local Settings\Application Data\prvlcl.dat -> [2009/12/13 22:09:26 | 00,000,000 | ---- | C] ()
AviSplitter.INI -> C:\WINDOWS\AviSplitter.INI -> [2009/08/19 18:26:52 | 00,000,038 | ---- | C] ()
M3000DIF.dll -> C:\WINDOWS\System32\M3000DIF.dll -> [2009/05/05 05:02:10 | 00,233,472 | ---- | C] ()
M3000KNT.sys -> C:\WINDOWS\System32\drivers\M3000KNT.sys -> [2009/05/05 05:02:10 | 00,151,936 | ---- | C] ()
M3000Twn.ini -> C:\WINDOWS\M3000Twn.ini -> [2009/05/05 05:02:10 | 00,015,190 | ---- | C] ()
SASETS.INI -> C:\WINDOWS\SASETS.INI -> [2009/02/13 11:24:52 | 00,001,233 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2009/01/20 18:12:26 | 00,000,061 | ---- | C] ()
libavcodec.dll -> C:\WINDOWS\System32\libavcodec.dll -> [2008/12/19 10:15:58 | 04,338,246 | ---- | C] ()
ff_x264.dll -> C:\WINDOWS\System32\ff_x264.dll -> [2008/12/17 12:41:18 | 00,884,237 | ---- | C] ()
ff_wmv9.dll -> C:\WINDOWS\System32\ff_wmv9.dll -> [2008/12/17 12:22:58 | 00,093,184 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008/12/17 12:22:48 | 00,057,344 | ---- | C] ()
ff_theora.dll -> C:\WINDOWS\System32\ff_theora.dll -> [2008/12/17 12:17:34 | 00,239,247 | ---- | C] ()
libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2008/12/17 11:59:54 | 00,560,802 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2008/12/11 06:27:02 | 00,000,547 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2008/07/30 21:37:26 | 00,006,782 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2008/04/14 15:00:00 | 00,001,793 | ---- | C] ()
igfxCoIn_v4926.dll -> C:\WINDOWS\System32\igfxCoIn_v4926.dll -> [2008/02/15 15:21:56 | 00,147,456 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 00,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 00,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 00,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 00,026,040 | ---- | C] ()
ALaunch.ini -> C:\WINDOWS\ALaunch.ini -> [2005/03/28 17:45:26 | 00,000,135 | ---- | C] ()
ff_mpeg2enc.dll -> C:\WINDOWS\System32\ff_mpeg2enc.dll -> [2004/10/03 12:50:54 | 00,129,024 | ---- | C] ()
IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2002/11/22 05:57:26 | 00,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2002/11/22 05:57:26 | 00,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2002/11/22 05:57:26 | 00,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2002/11/22 05:57:26 | 00,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2002/11/22 05:57:26 | 00,188,416 | ---- | C] ()
IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2002/11/22 05:57:24 | 00,020,480 | ---- | C] ()
< End of report >
[/code]