[code]
OTS logfile created on: 2/4/2010 7:16:19 PM - Run 1
OTS by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Max\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 20.10 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE_REVELATOR
Current User Name: Max
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Max\Desktop\OTS.exe -> [2010/02/04 15:48:02 | 000,632,320 | ---- | M] (OldTimer Tools)
pnkbstrb.exe -> C:\WINDOWS\system32\PnkBstrB.exe -> [2009/12/25 14:04:58 | 000,107,832 | ---- | M] ()
pnkbstra.exe -> C:\WINDOWS\system32\PnkBstrA.exe -> [2009/12/25 14:04:47 | 000,066,872 | ---- | M] ()
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
a2service.exe -> C:\Program Files\a-squared Free\a2service.exe -> [2008/12/06 21:34:53 | 000,419,448 | ---- | M] (Emsi Software GmbH)
scmanager.sys -> C:\Program Files\SafeConnect\scManager.sys -> [2008/11/25 13:24:37 | 000,136,472 | ---- | M] (Impulse Point, LLC)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.)
evteng.exe -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation)
wlkeeper.exe -> C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -> [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation)
s24evmon.exe -> C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -> [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation)
regsrvc.exe -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
nicconfigsvc.exe -> C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -> [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/02/22 05:46:00 | 000,155,716 | ---- | M] (NVIDIA Corporation)
stacsv.exe -> C:\WINDOWS\system32\stacsv.exe -> [2007/12/05 17:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.)
tcsd_win32.exe -> C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -> [2007/11/08 22:50:10 | 001,552,384 | ---- | M] ()
syncservices.exe -> C:\Program Files\Maxtor\Sync\SyncServices.exe -> [2007/09/28 11:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC)
tdmservice.exe -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -> [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
asfipmon.exe -> C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -> [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Max\Desktop\OTS.exe -> [2010/02/04 15:48:02 | 000,632,320 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(PnkBstrB) PnkBstrB [Auto | Running] -> C:\WINDOWS\system32\PnkBstrB.exe -> [2009/12/25 14:04:58 | 000,107,832 | ---- | M] ()
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\WINDOWS\system32\PnkBstrA.exe -> [2009/12/25 14:04:47 | 000,066,872 | ---- | M] ()
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(ASKUpgrade) ASKUpgrade [Auto | Stopped] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 11:47:04 | 000,234,888 | ---- | M] ()
(gusvc) Google Software Updater [Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/25 05:29:18 | 000,183,280 | ---- | M] (Google)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2009/03/10 17:42:00 | 003,121,464 | ---- | M] (INCA Internet Co., Ltd.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
(a2free) a-squared Free Service [Auto | Running] -> C:\Program Files\a-squared Free\a2service.exe -> [2008/12/06 21:34:53 | 000,419,448 | ---- | M] (Emsi Software GmbH)
(SCManager) SafeConnect Manager [Auto | Running] -> C:\Program Files\SafeConnect\scManager.sys -> [2008/11/25 13:24:37 | 000,136,472 | ---- | M] (Impulse Point, LLC)
(iPod Service) iPod Service [On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.)
(EvtEng) Intel® PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation)
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -> [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation)
(S24EventMonitor) Intel® PROSet/Wireless WiFi Service [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -> [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation)
(RegSrvc) Intel® PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Auto | Running] -> C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -> [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2008/02/22 05:46:00 | 000,155,716 | ---- | M] (NVIDIA Corporation)
(STacSV) SigmaTel Audio Service [Auto | Running] -> C:\WINDOWS\system32\stacsv.exe -> [2007/12/05 17:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.)
(tcsd_win32.exe) NTRU TSS v1.2.1.25 TCS [Auto | Running] -> C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -> [2007/11/08 22:50:10 | 001,552,384 | ---- | M] ()
(Maxtor Sync Service) Maxtor Service [Auto | Running] -> C:\Program Files\Maxtor\Sync\SyncServices.exe -> [2007/09/28 11:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC)
(WaveEnrollmentService) WaveEnrollmentService [On_Demand | Stopped] -> C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -> [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.)
(TdmService) TdmService [Auto | Running] -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -> [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.)
(SecureStorageService) SecureStorageService [On_Demand | Stopped] -> C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -> [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.)
(stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2007/07/11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
(ASFIPmon) Broadcom ASF IP and SMBIOS Mailbox Monitor [Auto | Running] -> C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -> [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010/01/30 01:04:56 | 000,056,816 | ---- | M] (Avira GmbH)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2009/07/12 18:15:45 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/02/05 16:25:16 | 000,685,816 | ---- | M] ()
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\TVICHW32.SYS -> [2008/11/20 22:43:59 | 000,023,600 | ---- | M] (EnTech Taiwan)
(pfmfs_201) pfmfs_201 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pfmfs_201.sys -> [2008/11/03 19:22:36 | 000,149,688 | ---- | M] (Pismo Technic Inc.)
(atksgt) atksgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\atksgt.sys -> [2008/10/17 18:11:48 | 000,271,360 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\lirsgt.sys -> [2008/10/17 18:11:48 | 000,018,048 | ---- | M] ()
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 000,032,000 | ---- | M] (Apple, Inc.)
(NETw5x32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw5x32.sys -> [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.)
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rdpwd.sys -> [2008/04/13 19:13:22 | 000,139,656 | ---- | M] ()
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\raspptp.sys -> [2008/04/13 14:19:48 | 000,048,384 | ---- | M] ()
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rasl2tp.sys -> [2008/04/13 14:19:43 | 000,051,328 | ---- | M] ()
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\raspppoe.sys -> [2008/04/13 13:57:32 | 000,041,472 | ---- | M] ()
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\splitter.sys -> [2008/04/13 13:45:07 | 000,006,272 | ---- | M] ()
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rdpdr.sys -> [2008/04/13 13:32:51 | 000,196,224 | ---- | M] ()
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2008/02/22 05:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/12/05 17:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2007/12/02 18:26:28 | 000,012,672 | ---- | M] (Conexant)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.)
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2007/12/02 18:06:06 | 000,046,992 | ---- | M] (UPEK Inc.)
(guardian2) guardian2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\oz776.sys -> [2007/11/28 16:18:24 | 000,062,208 | ---- | M] (O2Micro)
(WavxDMgr) WavxDMgr [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\WavxDMgr.sys -> [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.)
(PBADRV) PBADRV [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\PBADRV.sys -> [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc)
(WaveFDE) Wave System Power Monitor Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WaveFDE.sys -> [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/07/26 03:00:00 | 000,043,872 | ---- | M] (Sonic Solutions)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLADResM.SYS -> [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABMFSM.SYS -> [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -> [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -> [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -> [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABOIOM.SYS -> [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAPoolM.SYS -> [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -> [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio)
(DLACDBHM) DLACDBHM [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -> [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio)
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mxopswd.sys -> [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.)
(CoachUsb) Coach Digital Camera on USB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CoachUsb.sys -> [2007/04/20 08:22:34 | 000,050,368 | ---- | M] (FotoNation Inc.)
(CoachVid) CoachVid [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CoachVid.sys -> [2007/04/20 08:22:34 | 000,045,344 | ---- | M] (FotoNation Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2007/04/15 21:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2007/03/18 15:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation)
(BASFND) BASFND [Kernel | Auto | Running] -> C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -> [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.)
(DXEC01) DXEC01 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\dxec01.sys -> [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc)
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkfwd.sys -> [2004/08/04 05:00:00 | 000,032,512 | ---- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 000,017,792 | ---- | M] ()
(Raspti) Direct Parallel [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\raspti.sys -> [2004/08/04 05:00:00 | 000,016,512 | ---- | M] ()
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkflt.sys -> [2004/08/04 05:00:00 | 000,012,416 | ---- | M] ()
(vcdrom) Virtual CD-ROM Device Driver [File_System | System | Running] -> C:\Program Files\Virtual Cd\VCdRom.sys -> [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us ->
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar Search Class] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.)
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080625 ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Main\\"Search Page" -> http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Main\\"Start Page" -> http://www.ask.com/?o=13920&l=dis ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar Search Class] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.)
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Max\Application Data\Mozilla\FireFox\Profiles\u22bdwzz.default\prefs.js ->
browser.search.defaultenginename -> "Fast Browser Search" ->
browser.search.defaultthis.engineName -> "FearFM Customized Web Search" ->
browser.search.defaulturl -> "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" ->
browser.search.order.1 -> "Fast Browser Search" ->
browser.search.selectedEngine -> "Fast Browser Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/" ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 ->
extensions.enabledItems -> 6 ->
extensions.enabledItems -> 2 ->
extensions.enabledItems -> 49 ->
extensions.enabledItems -> {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1 ->
extensions.enabledItems -> lookingforgroupboom@lookingforgroup.com:1.2.3 ->
extensions.enabledItems -> {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.9 ->
extensions.enabledItems -> {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3 ->
extensions.enabledItems -> {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Max\Application Data\Mozilla\FireFox\Profiles\u22bdwzz.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/18 17:52:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/18 17:52:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Max\Application Data\Mozilla\Extensions -> [2008/07/03 20:19:12 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions -> [2010/01/29 16:11:39 | 000,000,000 | ---D | M]
Surf Canyon - Search Engine Assistant -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86} -> [2009/12/09 21:11:46 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2) -> [2009/11/14 16:07:47 | 000,000,000 | ---D | M]
FearFM Toolbar -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{bab31fc4-cb97-46f4-9565-26d65225cc2c}(2) -> [2009/11/14 16:07:50 | 000,000,000 | ---D | M]
My Web Tattoo (Fast Browser Search) -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} -> [2009/09/10 11:28:31 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} -> [2009/06/16 00:55:27 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R)) -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/11/18 15:50:55 | 000,000,000 | ---D | M]
User Agent Switcher -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} -> [2009/08/13 02:32:01 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/08/27 00:11:38 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\chachaguidebar@chacha.com -> [2008/10/16 20:05:39 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\extensions\lookingforgroupboom@lookingforgroup.com -> [2009/12/09 21:11:45 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
ask.xml -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\searchplugins\ask.xml -> [2009/08/18 01:38:33 | 000,002,273 | ---- | M] ()
conduit.xml -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\searchplugins\conduit.xml -> [2009/07/01 14:06:30 | 000,000,872 | ---- | M] ()
yahoo.xml -> C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\u22bdwzz.default\searchplugins\yahoo.xml -> [2009/08/18 01:38:34 | 000,000,567 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/29 16:01:50 | 000,000,000 | ---D | M]
< HOSTS File > (736 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2009/04/02 11:47:00 | 000,333,192 | ---- | M] (Ask.com)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/03/14 02:50:10 | 000,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/12/03 01:28:23 | 000,764,912 | ---- | M] (Google Inc.)
{b0cda128-b425-4eef-a174-61a11ac5dbf8} [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar Loader] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/03/14 02:50:10 | 000,522,224 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/14 02:50:10 | 000,251,504 | ---- | M] ()
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 11:47:00 | 000,333,192 | ---- | M] (Ask.com)
"{61539ecd-cc67-4437-a03c-9aaccbd14326}" [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/03/14 02:50:10 | 000,251,504 | ---- | M] () WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 11:47:00 | 000,333,192 | ---- | M] (Ask.com) WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/02/22 05:46:00 | 013,508,608 | ---- | M] (NVIDIA Corporation) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Max Startup Folder > -> C:\Documents and Settings\Max\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Toolbar Search -> 
C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html [C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) {0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326} [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [Button: AIM Toolbar] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) 
CmdMapping\\"{0b83c99c-1efa-4259-858f-bcb33e007a5b}" [HKLM] -> C:\Program Files\AIM Toolbar\aimtb.dll [AIM Toolbar] -> [2009/05/06 13:14:26 | 001,279,272 | ---- | M] (AOL LLC.) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\] > -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1095847050-280198039-1954373208-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [PopCapLoader Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {FDD78290-5A82-4BF2-8001-4A6A3CCEB427}\\DhcpNameServer -> 216.68.1.100 216.68.2.100 (Intel(R) Wireless WiFi Link 4965AGN) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] 
(Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> gemsafe -> C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll -> [2006/11/16 15:20:28 | 000,073,728 | ---- | M] (Gemplus) ssqNdabA -> -> File not found < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> wvauth -> C:\WINDOWS\System32\wvauth.dll -> [2007/09/13 14:36:18 | 000,663,552 | ---- | M] (Wave Systems Corp.) *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.) 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2009/05/19 00:23:16 | 000,049,968 | ---- | M] (AOL LLC) "C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> File not found "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> File not found "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 000,010,800 | ---- | M] (AOL LLC) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.) 
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe" -> C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe [C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142] -> [2008/05/21 13:45:48 | 012,113,920 | ---- | M] () "C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2009/09/03 16:17:14 | 003,342,336 | ---- | M] (Electronic Arts) "C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe" -> C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe [C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers] -> File not found "C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe" -> C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe [C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London] -> [2009/01/31 19:33:42 | 006,448,448 | ---- | M] (Flagship Studios) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 014,294,824 | ---- | M] (Apple Inc.) "C:\Program Files\LucasArts\SWKotOR\launcher.exe" -> C:\Program Files\LucasArts\SWKotOR\launcher.exe [C:\Program Files\LucasArts\SWKotOR\launcher.exe:*:Enabled: Star Wars Knights of the Old Republic] -> [2003/11/04 16:52:12 | 000,476,672 | ---- | M] (BioWare Corp.) 
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2009/04/22 15:41:11 | 002,919,752 | ---- | M] () "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" -> C:\Program Files\Skype\Plugin Manager\skypePM.exe [C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager] -> [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) "C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" -> C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe [C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme] -> [2009/02/22 19:12:47 | 004,725,784 | ---- | M] () "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" -> C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe [C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance] -> [2007/01/12 10:19:04 | 005,350,920 | ---- | M] (Gas Powered Games) "C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" -> C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe [C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander] -> [2007/01/12 13:07:02 | 004,048,392 | ---- | M] (Gas Powered Games) "C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" -> C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe [C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2] -> [2009/05/19 16:08:14 | 000,028,296 | ---- | M] (Ubisoft Entertainment) "C:\Program 
Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" -> C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe [C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor] -> [2009/01/28 17:35:08 | 001,171,456 | ---- | M] (Ubisoft Entertainment) "C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" -> C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe [C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater] -> [2008/10/02 13:34:14 | 000,619,144 | ---- | M] (Ubisoft) "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/10/21 02:35:07 | 000,289,072 | ---- | M] (BitTorrent, Inc.) "C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2009/04/22 20:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) "C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\System32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2009/12/25 14:04:47 | 000,066,872 | ---- | M] () "C:\WINDOWS\system32\PnkBstrB.exe" -> C:\WINDOWS\System32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2009/12/25 14:04:58 | 000,107,832 | ---- | M] () < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{1fcc6a75-791d-11de-a65c-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fcc6a75-791d-11de-a65c-00217070f9e7}\Shell\AutoRun\command 
\{1fcc6a75-791d-11de-a65c-00217070f9e7}\Shell\AutoRun\command\\"" -> E:\WD_Windows_Tools\Setup.exe [E:\WD_Windows_Tools\Setup.exe] -> File not found \{4f9fa1e1-4961-11dd-bd3d-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell \{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell\AutoRun \{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell\AutoRun\command \{4f9fa1e1-4961-11dd-bd3d-806d6172696f}\Shell\AutoRun\command\\"" -> D:\autorun.exe [D:\autorun.exe] -> File not found \{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell \{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell\AutoRun \{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell\AutoRun\command \{4f9fa1e7-4961-11dd-bd3d-001f3b88f61d}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found \{8e44f1f2-19c3-11de-a650-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell \{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell\\"" -> [AutoRun] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell\AutoRun \{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell\AutoRun\command \{8e44f1f2-19c3-11de-a650-00217070f9e7}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe] -> File not found \{bd28e766-5a1b-11de-a65a-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd28e766-5a1b-11de-a65a-00217070f9e7}\Shell\AutoRun\command \{bd28e766-5a1b-11de-a65a-00217070f9e7}\Shell\AutoRun\command\\"" -> [.\Encryption Tool\MaxtorEncryption.exe] -> File not found \{cdfb5d08-3ac2-11de-a659-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell \{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell\AutoRun \{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell\AutoRun\command \{cdfb5d08-3ac2-11de-a659-00217070f9e7}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found \{e5444215-a172-11dd-bb6f-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell \{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell\AutoRun \{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell\AutoRun\\"" -> [Auto&Play] 
-> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell\AutoRun\command \{e5444215-a172-11dd-bb6f-00217070f9e7}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found \{eee22075-39cd-11de-a659-00217070f9e7} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee22075-39cd-11de-a659-00217070f9e7}\Shell\AutoRun\command \{eee22075-39cd-11de-a659-00217070f9e7}\Shell\AutoRun\command\\"" -> [.\Encryption Tool\MaxtorEncryption.exe] -> File not found \{f6253330-0c73-11df-af0e-e4d485da39cb} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6253330-0c73-11df-af0e-e4d485da39cb}\Shell \{f6253330-0c73-11df-af0e-e4d485da39cb}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6253330-0c73-11df-af0e-e4d485da39cb}\Shell\AutoRun \{f6253330-0c73-11df-af0e-e4d485da39cb}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> Reg Error: Key error. 
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 12/25/2009 3:07:47 PM Computer Name = 
THE_REVELATOR | Source = MsiInstaller | ID = 1013 -> Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because this version of the .NET Framework is incompatible with a previously installed one. For more information, see http://support.microsoft.com/support/kb/articles/q312/5/00.asp Application [ Error ] 12/25/2009 5:23:06 PM Computer Name = THE_REVELATOR | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 -> Description = Application [ Error ] 12/25/2009 5:23:08 PM Computer Name = THE_REVELATOR | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 -> Description = Application [ Error ] 12/28/2009 3:14:32 PM Computer Name = THE_REVELATOR | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 12/30/2009 3:32:30 AM Computer Name = THE_REVELATOR | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 -> Description = Application [ Error ] 1/28/2010 10:15:52 PM Computer Name = THE_REVELATOR | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module rasdlg.dll, version 5.1.2600.5512, fault address 0x00039de9. Application [ Error ] 1/28/2010 10:15:59 PM Computer Name = THE_REVELATOR | Source = Application Error | ID = 1000 -> Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. 
Application [ Error ] 1/29/2010 4:49:59 AM Computer Name = THE_REVELATOR | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0 -> Description = Application [ Error ] 1/30/2010 1:24:35 AM Computer Name = THE_REVELATOR | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 1/30/2010 1:24:35 AM Computer Name = THE_REVELATOR | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
System [ Error ] 1/31/2010 4:17:31 PM Computer Name = THE_REVELATOR | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 System [ Error ] 1/31/2010 4:17:31 PM Computer Name = THE_REVELATOR | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip System [ Error ] 1/31/2010 4:50:19 PM Computer Name = THE_REVELATOR | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 1/31/2010 4:50:27 PM Computer Name = THE_REVELATOR | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} System [ Error ] 1/31/2010 5:16:35 PM Computer Name = THE_REVELATOR | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 2/2/2010 2:18:41 PM Computer Name = THE_REVELATOR | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb Fips ssmdrv System [ Error ] 2/2/2010 2:32:00 PM Computer Name = THE_REVELATOR | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 2/2/2010 3:58:47 PM Computer Name = THE_REVELATOR | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service 
EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 2/4/2010 4:42:16 PM Computer Name = THE_REVELATOR | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. System [ Error ] 2/4/2010 5:56:15 PM Computer Name = THE_REVELATOR | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Max\Desktop\OTS.exe -> [2010/02/04 19:12:53 | 000,632,320 | ---- | C] (OldTimer Tools) Feb4Inte -> C:\Documents and Settings\Max\Desktop\Feb4Inte -> [2010/02/04 15:50:33 | 000,000,000 | ---D | C] NTRU Cryptosystems -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems -> [2010/02/04 15:41:10 | 000,000,000 | ---D | M] TFC.exe -> C:\Documents and Settings\Max\Desktop\TFC.exe -> [2010/01/31 14:10:45 | 000,439,808 | ---- | C] (OldTimer Tools) OTL.exe -> C:\Documents and Settings\Max\Desktop\OTL.exe -> [2010/01/31 14:10:34 | 000,548,864 | ---- | C] (OldTimer Tools) avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/01/30 00:24:06 | 000,096,104 | ---- | C] (Avira GmbH) avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/01/30 00:24:06 | 000,056,816 | ---- | C] (Avira GmbH) avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/01/30 00:24:06 | 000,045,416 | ---- | C] (Avira GmbH) avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/01/30 00:24:06 | 000,022,360 | ---- | C] (Avira GmbH) ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/01/30 00:24:02 | 000,028,520 | ---- | C] (Avira GmbH) Avira -> C:\Program Files\Avira -> 
[2010/01/30 00:24:01 | 000,000,000 | ---D | C] Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2010/01/30 00:24:01 | 000,000,000 | ---D | C] ERDNT -> C:\WINDOWS\ERDNT -> [2010/01/29 11:37:46 | 000,000,000 | ---D | C] ERUNT -> C:\Program Files\ERUNT -> [2010/01/29 11:36:41 | 000,000,000 | ---D | C] !!!Security -> C:\Documents and Settings\Max\Desktop\!!!Security -> [2010/01/29 10:36:39 | 000,000,000 | ---D | C] CSC -> C:\WINDOWS\CSC -> [2010/01/29 04:15:00 | 000,000,000 | -HSD | C] Help -> C:\Documents and Settings\Max\Local Settings\Application Data\Help -> [2010/01/28 21:13:52 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/28 20:43:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/28 20:43:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/01/28 20:43:16 | 000,000,000 | ---D | C] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2010/01/28 20:31:04 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2010/01/28 20:31:04 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2010/01/28 20:31:04 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2010/01/28 20:31:04 | 000,000,000 | ---D | M] Malwarebytes' Anti-Malware -> C:\Documents and Settings\Max\Desktop\Malwarebytes' Anti-Malware -> [2010/01/28 20:22:30 | 000,000,000 | ---D | C] found.000 -> C:\found.000 -> [2010/01/28 11:19:20 | 000,000,000 | -HSD | C] hal.dll -> C:\WINDOWS\System32\hal.dll -> [2010/01/28 09:57:00 | 000,105,344 | ---- | C] (Microsoft Corporation) Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> 
[2008/12/06 20:46:43 | 000,000,000 | ---D | M] Intel -> C:\Documents and Settings\LocalService\Application Data\Intel -> [2008/12/06 20:46:43 | 000,000,000 | ---D | M] Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2008/10/16 17:20:33 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2008/10/16 17:20:33 | 000,000,000 | ---D | M] Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2000/08/14 22:18:02 | 000,000,000 | ---D | M] [Files/Folders - Modified Within 30 Days] nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010/02/04 19:12:51 | 000,106,497 | ---- | M] () wrxtmnzu.job -> C:\WINDOWS\tasks\wrxtmnzu.job -> [2010/02/04 16:00:00 | 000,000,290 | ---- | M] () OTS.exe -> C:\Documents and Settings\Max\Desktop\OTS.exe -> [2010/02/04 15:48:02 | 000,632,320 | ---- | M] (OldTimer Tools) eumghx9k.exe -> C:\eumghx9k.exe -> [2010/02/04 15:43:14 | 000,293,376 | ---- | M] () nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/02/04 15:41:23 | 000,159,449 | ---- | M] () Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/02/04 15:41:19 | 000,000,868 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/04 15:41:15 | 000,002,206 | ---- | M] () KPEX.job -> C:\WINDOWS\tasks\KPEX.job -> [2010/02/04 15:40:51 | 000,000,298 | -HS- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/04 15:40:51 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/04 15:40:48 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/02/04 15:40:44 | 2145,353,728 | -HS- | M] () ntuser.ini -> C:\Documents and Settings\Max\ntuser.ini -> [2010/02/02 14:58:48 | 000,000,178 | -HS- | M] () ntuser.dat -> C:\Documents and Settings\Max\ntuser.dat -> [2010/02/02 14:58:47 | 005,767,168 | ---- | M] () avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/01/30 01:04:56 | 000,056,816 
| ---- | M] (Avira GmbH) Avira AntiVir Control Center.lnk -> C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2010/01/30 00:24:18 | 000,001,707 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Max\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/01/29 16:04:49 | 000,031,456 | ---- | M] () ERUNT.lnk -> C:\Documents and Settings\Max\Desktop\ERUNT.lnk -> [2010/01/29 11:36:42 | 000,000,592 | ---- | M] () win.ini -> C:\WINDOWS\win.ini -> [2010/01/29 11:08:52 | 000,000,881 | ---- | M] () system.ini -> C:\WINDOWS\system.ini -> [2010/01/29 11:08:52 | 000,000,243 | ---- | M] () gmer.zip -> C:\Documents and Settings\Max\Desktop\gmer.zip -> [2010/01/29 10:18:28 | 000,284,915 | ---- | M] () TFC.exe -> C:\Documents and Settings\Max\Desktop\TFC.exe -> [2010/01/29 10:17:02 | 000,439,808 | ---- | M] (OldTimer Tools) OTL.exe -> C:\Documents and Settings\Max\Desktop\OTL.exe -> [2010/01/29 04:14:02 | 000,548,864 | ---- | M] (OldTimer Tools) hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/01/29 02:52:07 | 000,000,736 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/01/29 01:24:13 | 000,004,566 | ---- | M] () PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/01/29 01:24:05 | 000,610,668 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/01/29 01:24:05 | 000,508,406 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/01/29 01:24:05 | 000,092,118 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/28 20:43:20 | 000,000,696 | ---- | M] () rkill.com -> C:\Documents and Settings\Max\Desktop\rkill.com -> [2010/01/25 15:54:34 | 000,263,168 | ---- | M] () mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 
| 000,019,160 | ---- | M] (Malwarebytes Corporation) [Files - No Company Name] eumghx9k.exe -> C:\eumghx9k.exe -> [2010/02/04 16:30:47 | 000,293,376 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/02/04 15:40:44 | 2145,353,728 | -HS- | C] () Avira AntiVir Control Center.lnk -> C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk -> [2010/01/30 00:24:18 | 000,001,707 | ---- | C] () gmer.exe -> C:\Documents and Settings\Max\Desktop\gmer.exe -> [2010/01/29 17:09:28 | 000,293,376 | ---- | C] () gmer.zip -> C:\Documents and Settings\Max\Desktop\gmer.zip -> [2010/01/29 17:09:18 | 000,284,915 | ---- | C] () ERUNT.lnk -> C:\Documents and Settings\Max\Desktop\ERUNT.lnk -> [2010/01/29 11:36:42 | 000,000,592 | ---- | C] () rkill.com -> C:\Documents and Settings\Max\Desktop\rkill.com -> [2010/01/28 21:04:38 | 000,263,168 | ---- | C] () avira_antivir_personal_en.exe -> C:\Documents and Settings\Max\Desktop\avira_antivir_personal_en.exe -> [2010/01/28 20:46:23 | 030,909,992 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/28 20:43:20 | 000,000,696 | ---- | C] () CmdLineExt03.dll -> C:\WINDOWS\System32\CmdLineExt03.dll -> [2009/12/07 02:29:19 | 000,043,520 | ---- | C] () xfcodec.dll -> C:\WINDOWS\System32\xfcodec.dll -> [2009/09/25 17:20:28 | 000,041,872 | ---- | C] () WAR2R.INI -> C:\WINDOWS\WAR2R.INI -> [2009/07/16 11:25:27 | 000,000,026 | ---- | C] () iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2009/07/15 20:34:57 | 000,056,320 | ---- | C] () SimPark.ini -> C:\WINDOWS\SimPark.ini -> [2009/07/15 19:39:32 | 000,000,219 | ---- | C] () {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/07/06 19:25:21 | 000,000,262 | ---- | C] () sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/02/05 16:25:15 | 000,685,816 | ---- | C] () SIntfNT.dll -> C:\WINDOWS\System32\SIntfNT.dll -> 
[2008/12/14 21:40:42 | 000,021,840 | ---- | C] () SIntf32.dll -> C:\WINDOWS\System32\SIntf32.dll -> [2008/12/14 21:40:42 | 000,017,212 | ---- | C] () SIntf16.dll -> C:\WINDOWS\System32\SIntf16.dll -> [2008/12/14 21:40:42 | 000,012,067 | ---- | C] () SIMANT.DLL -> C:\WINDOWS\System32\SIMANT.DLL -> [2008/11/18 16:45:04 | 000,107,520 | ---- | C] () VERMONT1.DLL -> C:\WINDOWS\System32\VERMONT1.DLL -> [2008/11/18 16:45:04 | 000,027,136 | ---- | C] () VRX1.DLL -> C:\WINDOWS\System32\VRX1.DLL -> [2008/11/18 16:45:04 | 000,012,416 | ---- | C] () psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2008/11/13 17:30:37 | 000,354,816 | ---- | C] () atksgt.sys -> C:\WINDOWS\System32\drivers\atksgt.sys -> [2008/10/17 18:11:48 | 000,271,360 | ---- | C] () lirsgt.sys -> C:\WINDOWS\System32\drivers\lirsgt.sys -> [2008/10/17 18:11:48 | 000,018,048 | ---- | C] () PnkBstrK.sys -> C:\WINDOWS\System32\drivers\PnkBstrK.sys -> [2008/10/16 13:37:22 | 000,022,328 | ---- | C] () dump_wmimmc(3).sys -> C:\WINDOWS\System32\drivers\dump_wmimmc(3).sys -> [2008/07/15 18:34:21 | 000,000,000 | ---- | C] () dump_wmimmc(2).sys -> C:\WINDOWS\System32\drivers\dump_wmimmc(2).sys -> [2008/07/13 04:40:55 | 000,000,000 | ---- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/06/24 18:34:09 | 000,000,061 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2008/06/24 18:30:37 | 000,000,234 | ---- | C] () splitter.sys -> C:\WINDOWS\System32\drivers\splitter.sys -> [2008/06/24 18:27:33 | 000,006,272 | ---- | C] () GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/06/24 18:24:38 | 000,031,456 | ---- | C] () pbadrvdll.dll -> C:\WINDOWS\System32\pbadrvdll.dll -> [2008/06/24 18:19:22 | 000,080,368 | ---- | C] () bioapi_mds300.dll -> C:\WINDOWS\System32\bioapi_mds300.dll -> [2008/06/24 18:16:47 | 000,143,360 | ---- | C] () bioapi100.dll -> C:\WINDOWS\System32\bioapi100.dll -> [2008/06/24 18:16:47 | 000,106,496 | ---- | C] () 
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/06/24 17:50:38 | 001,703,936 | ---- | C] () nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/06/24 17:50:38 | 001,019,904 | ---- | C] () nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/06/24 17:50:37 | 000,466,944 | ---- | C] () nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/06/24 17:50:36 | 001,482,752 | ---- | C] () OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/06/24 17:49:07 | 000,001,120 | ---- | C] () vbzlib1.dll -> C:\WINDOWS\System32\vbzlib1.dll -> [2007/10/17 09:17:52 | 000,073,728 | ---- | C] () AmRes_ru.dll -> C:\WINDOWS\System32\AmRes_ru.dll -> [2007/09/13 14:42:30 | 000,499,712 | ---- | C] () AmRes_pt-BR.dll -> C:\WINDOWS\System32\AmRes_pt-BR.dll -> [2007/09/13 14:42:30 | 000,471,040 | ---- | C] () AmRes_it.dll -> C:\WINDOWS\System32\AmRes_it.dll -> [2007/09/13 14:42:28 | 000,487,424 | ---- | C] () AmRes_fr.dll -> C:\WINDOWS\System32\AmRes_fr.dll -> [2007/09/13 14:42:28 | 000,487,424 | ---- | C] () AmRes_ko.dll -> C:\WINDOWS\System32\AmRes_ko.dll -> [2007/09/13 14:42:28 | 000,462,848 | ---- | C] () AmRes_ja.dll -> C:\WINDOWS\System32\AmRes_ja.dll -> [2007/09/13 14:42:28 | 000,458,752 | ---- | C] () AmRes_es.dll -> C:\WINDOWS\System32\AmRes_es.dll -> [2007/09/13 14:42:26 | 000,487,424 | ---- | C] () AmRes_de.dll -> C:\WINDOWS\System32\AmRes_de.dll -> [2007/09/13 14:42:26 | 000,487,424 | ---- | C] () AmRes_en.dll -> C:\WINDOWS\System32\AmRes_en.dll -> [2007/09/13 14:42:26 | 000,466,944 | ---- | C] () AmRes_zh-CHT.dll -> C:\WINDOWS\System32\AmRes_zh-CHT.dll -> [2007/09/13 14:42:26 | 000,434,176 | ---- | C] () AmRes_zh-CHS.dll -> C:\WINDOWS\System32\AmRes_zh-CHS.dll -> [2007/09/13 14:36:24 | 000,438,272 | ---- | C] () Internationalization_pt.dll -> C:\WINDOWS\System32\Internationalization_pt.dll -> [2007/09/12 15:05:08 | 000,102,400 | ---- | C] () Internationalization_zh-CHT.dll -> C:\WINDOWS\System32\Internationalization_zh-CHT.dll -> [2007/09/12 15:04:46 | 000,086,016 | 
---- | C] () Internationalization_ko.dll -> C:\WINDOWS\System32\Internationalization_ko.dll -> [2007/09/12 15:04:26 | 000,090,112 | ---- | C] () Internationalization_es.dll -> C:\WINDOWS\System32\Internationalization_es.dll -> [2007/09/12 15:04:06 | 000,102,400 | ---- | C] () Internationalization_ru.dll -> C:\WINDOWS\System32\Internationalization_ru.dll -> [2007/09/12 15:03:44 | 000,098,304 | ---- | C] () Internationalization_ja.dll -> C:\WINDOWS\System32\Internationalization_ja.dll -> [2007/09/12 15:03:24 | 000,090,112 | ---- | C] () Internationalization_it.dll -> C:\WINDOWS\System32\Internationalization_it.dll -> [2007/09/12 15:03:04 | 000,102,400 | ---- | C] () Internationalization_de.dll -> C:\WINDOWS\System32\Internationalization_de.dll -> [2007/09/12 15:02:44 | 000,102,400 | ---- | C] () Internationalization_fr.dll -> C:\WINDOWS\System32\Internationalization_fr.dll -> [2007/09/12 15:02:22 | 000,102,400 | ---- | C] () Internationalization_zh-CHS.dll -> C:\WINDOWS\System32\Internationalization_zh-CHS.dll -> [2007/09/12 15:02:02 | 000,086,016 | ---- | C] () wxvault.dll -> C:\WINDOWS\System32\wxvault.dll -> [2007/09/10 09:53:26 | 000,262,144 | ---- | C] () DemoLicense.dll -> C:\WINDOWS\System32\DemoLicense.dll -> [2007/06/15 10:19:20 | 000,835,584 | ---- | C] () xltZlib.dll -> C:\WINDOWS\System32\xltZlib.dll -> [2006/08/14 11:02:10 | 000,072,192 | ---- | C] () id3vx_ocx.dll -> C:\WINDOWS\System32\id3vx_ocx.dll -> [2006/06/29 16:19:26 | 000,135,168 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelSwedish.dll -> C:\WINDOWS\System32\AgCPanelSwedish.dll -> [2006/06/12 14:43:22 | 
000,045,056 | ---- | C] () AgCPanelSpanish.dll -> C:\WINDOWS\System32\AgCPanelSpanish.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelPortugese.dll -> C:\WINDOWS\System32\AgCPanelPortugese.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelKorean.dll -> C:\WINDOWS\System32\AgCPanelKorean.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelJapanese.dll -> C:\WINDOWS\System32\AgCPanelJapanese.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelGerman.dll -> C:\WINDOWS\System32\AgCPanelGerman.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () AgCPanelFrench.dll -> C:\WINDOWS\System32\AgCPanelFrench.dll -> [2006/06/12 14:43:22 | 000,045,056 | ---- | C] () tsp.dll -> C:\WINDOWS\tsp.dll -> [2006/06/12 08:01:16 | 000,348,160 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] () vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2005/12/31 13:19:08 | 001,097,728 | ---- | C] () ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2005/12/31 13:13:14 | 000,024,576 | ---- | C] () lmgr10.dll -> C:\WINDOWS\System32\lmgr10.dll -> [2004/09/10 13:34:00 | 000,917,504 | ---- | C] () ADsSecurity.dll -> C:\WINDOWS\System32\ADsSecurity.dll -> [2004/09/10 13:34:00 | 000,057,344 | ---- | C] () orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/11 17:24:19 | 000,000,791 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () rdpwd.sys -> C:\WINDOWS\System32\drivers\rdpwd.sys -> [2004/08/11 17:11:27 | 000,139,656 | ---- | C] () rdpdr.sys -> C:\WINDOWS\System32\drivers\rdpdr.sys -> [2004/08/11 17:11:24 | 000,196,224 | ---- | C] () 
rasl2tp.sys -> C:\WINDOWS\System32\drivers\rasl2tp.sys -> [2004/08/11 17:00:29 | 000,051,328 | ---- | C] () raspptp.sys -> C:\WINDOWS\System32\drivers\raspptp.sys -> [2004/08/11 17:00:29 | 000,048,384 | ---- | C] () raspppoe.sys -> C:\WINDOWS\System32\drivers\raspppoe.sys -> [2004/08/11 17:00:29 | 000,041,472 | ---- | C] () raspti.sys -> C:\WINDOWS\System32\drivers\raspti.sys -> [2004/08/11 17:00:29 | 000,016,512 | ---- | C] () ptilink.sys -> C:\WINDOWS\System32\drivers\ptilink.sys -> [2004/08/11 17:00:28 | 000,017,792 | ---- | C] () nwlnkfwd.sys -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys -> [2004/08/11 17:00:25 | 000,032,512 | ---- | C] () nwlnkflt.sys -> C:\WINDOWS\System32\drivers\nwlnkflt.sys -> [2004/08/11 17:00:25 | 000,012,416 | ---- | C] () lame_enc.dll -> C:\WINDOWS\System32\lame_enc.dll -> [2003/05/07 00:11:58 | 000,233,472 | ---- | C] () MP2enc.dll -> C:\WINDOWS\System32\MP2enc.dll -> [2002/01/14 20:36:28 | 000,172,032 | ---- | C] () SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2000/08/25 15:40:56 | 000,000,547 | ---- | C] () [File - Lop Check] Electronic Arts -> C:\Documents and Settings\All Users\Application Data\Electronic Arts -> [2009/01/15 19:53:33 | 000,000,000 | ---D | M] MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2008/07/03 20:26:25 | 000,000,000 | ---D | M] Maxtor -> C:\Documents and Settings\All Users\Application Data\Maxtor -> [2009/06/16 15:42:07 | 000,000,000 | ---D | M] Musicnotes -> C:\Documents and Settings\All Users\Application Data\Musicnotes -> [2009/05/06 21:10:18 | 000,000,000 | ---D | M] muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2008/12/28 07:29:04 | 000,000,000 | ---D | M] NTRU Cryptosystems -> C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems -> [2008/06/24 18:16:20 | 000,000,000 | ---D | M] PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/11/20 
22:39:21 | 000,000,000 | ---D | M] PMB Files -> C:\Documents and Settings\All Users\Application Data\PMB Files -> [2009/04/22 15:41:39 | 000,000,000 | ---D | M] PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2009/02/13 15:41:24 | 000,000,000 | ---D | M] TrackMania -> C:\Documents and Settings\All Users\Application Data\TrackMania -> [2009/02/18 20:37:34 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2009/06/15 18:26:39 | 000,000,000 | ---D | M] Wave Systems Corp -> C:\Documents and Settings\All Users\Application Data\Wave Systems Corp -> [2008/06/24 18:23:59 | 000,000,000 | ---D | M] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/26 20:27:37 | 000,000,000 | ---D | M] Wave Systems Corp -> C:\Documents and Settings\Default User\Application Data\Wave Systems Corp -> [2008/06/24 18:22:53 | 000,000,000 | ---D | M] acccore -> C:\Documents and Settings\Max\Application Data\acccore -> [2008/07/10 22:38:46 | 000,000,000 | ---D | M] Command & Conquer 3 Tiberium Wars -> C:\Documents and Settings\Max\Application Data\Command & Conquer 3 Tiberium Wars -> [2009/12/30 19:39:02 | 000,000,000 | ---D | M] EVEMon -> C:\Documents and Settings\Max\Application Data\EVEMon -> [2009/12/22 16:13:08 | 000,000,000 | ---D | M] InfraRecorder -> C:\Documents and Settings\Max\Application Data\InfraRecorder -> [2008/11/20 21:13:08 | 000,000,000 | ---D | M] Mount&Blade -> C:\Documents and Settings\Max\Application Data\Mount&Blade -> [2009/02/26 03:22:00 | 000,000,000 | ---D | M] muvee Technologies -> C:\Documents and Settings\Max\Application Data\muvee Technologies -> [2008/12/28 07:53:15 | 000,000,000 | ---D | M] Red Alert 3 Demo -> C:\Documents and Settings\Max\Application Data\Red Alert 3 Demo -> [2009/02/26 02:29:20 | 000,000,000 | ---D | M] SecondLife -> C:\Documents and Settings\Max\Application Data\SecondLife 
-> [2009/06/20 23:14:09 | 000,000,000 | ---D | M] uTorrent -> C:\Documents and Settings\Max\Application Data\uTorrent -> [2010/01/28 15:15:13 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\Max\Application Data\Viewpoint -> [2008/07/27 00:07:46 | 000,000,000 | ---D | M] Wave Systems Corp -> C:\Documents and Settings\Max\Application Data\Wave Systems Corp -> [2009/11/14 16:06:13 | 000,000,000 | ---D | M] KPEX.job -> C:\WINDOWS\Tasks\KPEX.job -> [2010/02/04 15:40:51 | 000,000,298 | -HS- | M] () wrxtmnzu.job -> C:\WINDOWS\Tasks\wrxtmnzu.job -> [2010/02/04 16:00:00 | 000,000,290 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > eumghx9k.exe -> C:\eumghx9k.exe -> [2010/02/04 15:43:14 | 000,293,376 | ---- | M] () install.exe -> C:\install.exe -> [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : .cab file -> C:\i386\sp2.cab:AGP440.sys -> [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/07/03 20:49:56 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/07/03 20:49:56 | 023,852,652 | ---- | M] () agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> 
C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : .cab file -> C:\i386\sp2.cab:atapi.sys -> [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/07/03 20:49:56 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/07/03 20:49:56 | 023,852,652 | ---- | M] () atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\EVENTLOG.DLL /md5 /s > eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 
000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < c:\$recycle.bin\*.* /s > Restore point Set: OTS Restore Point (0) < End of report > [/code]