
BSOD!! need help fast!


  • This topic is locked
27 replies to this topic

#1 TTPerotti

TTPerotti

  • Members
  • 17 posts

Posted 21 April 2010 - 02:16 PM

I don't know what happened, but I have reason to suspect a trojan is involved.
Was playing a game and all of a sudden a BSoD flashed and my computer restarted. Then, during the Windows boot-up animation screen, BSoD again ad infinitum. Starting in "last good configuration" and in safe mode don't work either, as it gets stuck and says "press esc to stop loading 'file x' " and never gets past that. The furthest into the boot I've gotten is through Debug mode, where I actually get to see my wallpaper, but there's a splash screen saying "loading your personal setting", and that never happens.
I'd really not like to purchase Windows again and wipe the computer. I've got a lot of important college work on that hard drive and it would be such a bleep to try to copy it all out onto another disk. Is there any hope for repairing my installation? I have Windows boot disks, but don't know enough to attempt a repair through there. The only command I've used is the one that rewrites the boot protocol, but that did nothing.
Please help!! I do so much work at this computer it's really horrible for it to go down. Especially so close to finals. grrr!

Edited by Budapest, 21 April 2010 - 04:55 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender: Male

Posted 22 April 2010 - 10:09 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

==========

We need to create an OTL Report

After you have successfully burned the OTLPE ISO to disc you will need to transfer the disc to the CD drive of your sick computer and boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.


      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      CREATERESTOREPOINT
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Please post the contents of the C:\OTL.txt file in your next reply.
    • Copy this file to your USB drive if you do not have an internet connection.

==========

With your next post please provide:

* Stop error BSOD code
* OTL.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 TTPerotti

TTPerotti
  • Topic Starter

  • Members
  • 17 posts

Posted 23 April 2010 - 06:51 PM

Thanks a ton for responding. Really appreciate your help. Here's the code from the BSOD and the OTL.txt file.


IRQL_NOT_LESS_OR_EQUAL

0x0000000A (0x00000000,0x0000001C,0x00000001,0x804FB03C)

Attached Files

  • Attached File  OTL.Txt   94.11KB   10 downloads


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender: Male

Posted 23 April 2010 - 08:37 PM

Hi,

Please copy and paste all logs directly into your reply. Do not attach logs unless I otherwise instruct you.

You have a critical system file that is patched with malware. Please proceed as I have outlined below. Please only access the internet to visit sites I direct you to after I get you running again. Only use the computer as I have instructed. Turn off the computer otherwise until I give you the "all clear".

==========

Boot Reatogox again......
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Files
    C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys /e
    C:\WINDOWS\system32\drivers\atapi.sys|c:\atapi.sys /replace

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

You should be able to boot into normal mode now. If you are able then please do this next.........

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL fix log
* If able to boot normally then.....

**** Otl.txt
**** Extra.txt
**** Gmer log

* How is your computer running now? Describe current problems eg. popups...browser redirection..

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
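
An added example, not part of the original thread and not OTL's own code: a Python script showing the kind of comparison the /md5start ... /md5stop block in the scripts above supports, hashing every copy of the listed files under an offline Windows directory and flagging names whose loaded copy matches none of the other copies on disk. The backup locations (dllcache, ServicePackFiles), the status labels and the demo tree are assumptions constructed for illustration; the copy inside sp3.cab used in the fix above is not unpacked here.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A few of the names listed between /md5start and /md5stop in the scripts above.
WATCHED = ("atapi.sys", "userinit.exe", "eventlog.dll", "netlogon.dll", "scecli.dll")

# Directories, relative to the Windows root, that hold the copy Windows loads.
# Every other directory is treated as a backup location (assumption).
ACTIVE_DIRS = {"system32", "system32/drivers"}


def md5_of(path):
    """MD5 of a file, read in chunks. MD5 is used only because OTL logs report it."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def collect_copies(windows_root, names=WATCHED):
    """Return {name: [(relative_dir, md5), ...]} for every copy under windows_root."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(windows_root):
        # Normalise case and separators: NTFS names are case-insensitive.
        rel = os.path.relpath(dirpath, windows_root).replace(os.sep, "/").lower()
        for fname in files:
            if fname.lower() in wanted:
                full = os.path.join(dirpath, fname)
                copies[fname.lower()].append((rel, md5_of(full)))
    return copies


def audit(windows_root, names=WATCHED):
    """Classify each watched file as ok / mismatch / no-reference / missing."""
    copies = collect_copies(windows_root, names)
    report = {}
    for name in (n.lower() for n in names):
        found = copies.get(name, [])
        active = {md5 for rel, md5 in found if rel in ACTIVE_DIRS}
        backups = {md5 for rel, md5 in found if rel not in ACTIVE_DIRS}
        if not active:
            report[name] = "missing"        # nothing in the load path
        elif not backups:
            report[name] = "no-reference"   # nothing on disk to compare against
        elif active <= backups:
            report[name] = "ok"             # loaded copy equals some backup copy
        else:
            report[name] = "mismatch"       # loaded copy differs from every backup
    return report


def build_demo_tree(root):
    """Constructed sample layout in which atapi.sys differs from its backups."""
    layout = {
        "system32/drivers/atapi.sys": b"patched driver image",
        "system32/dllcache/atapi.sys": b"original driver image",
        "ServicePackFiles/i386/atapi.sys": b"original driver image",
        "system32/userinit.exe": b"userinit image",
        "system32/dllcache/userinit.exe": b"userinit image",
        "system32/eventlog.dll": b"eventlog image",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Run the audit over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return audit(root)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name:15} {status}")
```

Point audit() at the Windows directory of the offline disk, as seen from the boot CD or another machine. A mismatch is a lead to check against known-good installation media rather than a verdict, since a legitimate update can also leave older backup copies behind.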

#5 TTPerotti

TTPerotti
  • Topic Starter

  • Members
  • 17 posts

Posted 25 April 2010 - 02:42 AM

extras.txt

OTL Extras logfile created on: 4/24/2010 10:20:25 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = M:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 95.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 238.84 Gb Total Space | 19.16 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive D: | 59.25 Gb Total Space | 59.18 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT

Computer Name: ELCID
Current User Name: Tristan
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\ElectricSheep.scr" = C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep -- ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\pd\bin\pd.exe" = C:\Program Files\pd\bin\pd.exe:*:Enabled:pd -- ()
"C:\Program Files\Steam\steamapps\abgenix\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\abgenix\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- File not found
"C:\Documents and Settings\Tristan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Tristan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Tristan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Tristan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe" = C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem -- ()
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague -- ()
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"C:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Civ3Conquests.exe" = C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Civ3Conquests.exe:*:Enabled:Civ3Complete -- (© 2001-2004 Atari Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)
"C:\Documents and Settings\Tristan\My Documents\BitTorrent Downloads\Assassins.Creed.2.MULTi9.Cracked.EMU-SPiRE\DRM-AC2\DRM\server.exe" = C:\Documents and Settings\Tristan\My Documents\BitTorrent Downloads\Assassins.Creed.2.MULTi9.Cracked.EMU-SPiRE\DRM-AC2\DRM\server.exe:*:Enabled:server -- ()
"C:\Program Files\Ubisoft\Assassin's Creed II\server.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server -- ()
"C:\Documents and Settings\Tristan\My Documents\BitTorrent Downloads\Assassins.Creed.2.MULTi9.Cracked.EMU-SPiRE\DRM-AC2\DRM\mitm.exe" = C:\Documents and Settings\Tristan\My Documents\BitTorrent Downloads\Assassins.Creed.2.MULTi9.Cracked.EMU-SPiRE\DRM-AC2\DRM\mitm.exe:*:Enabled:mitm -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36C33FBC-58EA-4D4C-A89A-A3BB9357EFD7}" = MobilePre
"{3884575F-4920-4917-8A7D-7D6C7F2A11D1}" = M-Audio MobilePre Driver 6.0.1 (x86)
"{3CA12A20-67E8-43F4-B692-ED04E92E42EC}" = MOTU USB MIDI Installer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c3fa01a5-fe82-4527-b2cd-48ba13a0b4c1}" = Nero 9 Trial
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{E1A39C8A-8D93-4583-8F23-C92DD8C8B3F0}" = M-Audio FastTrackUltra Driver 6.0.2 (x86)
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ARIA Engine_is1" = ARIA Engine v1.0.7.3
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"CD Sheet Music V2" = CD Sheet Music V2
"CloneCD" = CloneCD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"Dungeon Keeper II" = Dungeon Keeper 2
"DXTXTRA" = Microsoft DirectX Transform optional components
"ElectricSheep" = ElectricSheep 2.6.6
"Electricsheep Screensaver" = Electricsheep Screensaver 2.7b17
"Final Codecs" = Final Codecs 2008 New Year Edition
"Finale 2010" = Finale 2010
"FL Studio 6" = FL Studio 6
"Garritan Ambiance Installer" = Garritan Ambiance Installer
"Google Updater" = Google Updater
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 8.0.1" = Live 8.0.1
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOTU USB MIDI Uninstall" = MOTU MIDI
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Finale GPO 2.0" = Native Instruments Finale GPO 2.0
"NoteBurner_is1" = NoteBurner 2.11
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PCI Audio Driver" = PCI Audio Driver
"pd_is1" = Pd-0.40.3-extended-20080721
"PowerISO" = PowerISO
"Reaktor 5" = Reaktor 5
"Songbird 20080819" = Songbird 0.7.0 (20080819)
"Songbird-nightly-1477" = Songbird 1.7.0a (Build 1477)
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 220" = Half-Life 2
"Steam App 22120" = Penumbra: Black Plague
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra Overture
"Steam App 240" = Counter-Strike: Source
"Steam App 26810" = Braid Demo
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/29/2009 3:55:48 PM | Computer Name = ELCID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.fandome.com/cssjs/fandome80.js failed, 0000A413.

Error - 11/16/2009 9:19:39 PM | Computer Name = ELCID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://product.dcshoes.com/inc/datafile_pr...p.asp?mn=302207 failed,
0000A413.

Error - 4/25/2010 12:30:29 AM | Computer Name = ELCID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wbdbasez.dll failed, 00000005.

Error - 4/25/2010 12:59:54 AM | Computer Name = ELCID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wbdbasez.dll failed, 00000005.

[ Application Events ]
Error - 4/18/2010 4:10:48 PM | Computer Name = ELCID | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/18/2010 4:10:48 PM | Computer Name = ELCID | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/18/2010 4:10:48 PM | Computer Name = ELCID | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/18/2010 4:10:48 PM | Computer Name = ELCID | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/19/2010 8:47:42 PM | Computer Name = ELCID | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 5.2.8.100, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3.

Error - 4/19/2010 10:03:11 PM | Computer Name = ELCID | Source = Application Error | ID = 1000
Description = Faulting application winlc.exe, version 6.35.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00e717ee.

Error - 4/25/2010 12:22:11 AM | Computer Name = ELCID | Source = Application Error | ID = 1000
Description = Faulting application winlc.exe, version 6.35.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00e707ee.

Error - 4/25/2010 1:00:42 AM | Computer Name = ELCID | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
unknown, version 0.0.0.0, fault address 0x24017c1e.

Error - 4/25/2010 1:00:42 AM | Computer Name = ELCID | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
unknown, version 0.0.0.0, fault address 0x24017c1e.

Error - 4/25/2010 1:02:05 AM | Computer Name = ELCID | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/25/2010 1:01:02 AM | Computer Name = ELCID | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 f80d700c.

Error - 4/25/2010 1:17:01 AM | Computer Name = ELCID | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/25/2010 1:17:02 AM | Computer Name = ELCID | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/25/2010 1:17:06 AM | Computer Name = ELCID | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31


< End of report >

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/25/2010 1:17:49 AM | Computer Name = ELCID | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31


< End of report >


#6 TTPerotti


Posted 25 April 2010 - 02:44 AM

gmer.log




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 03:32:34
Windows 5.1.2600 Service Pack 3
Running: phrd3nre.exe; Driver: C:\DOCUME~1\Tristan\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spaj.sys ZwCreateKey [0xBA78A0E0]
SSDT spaj.sys ZwEnumerateKey [0xBA7A7CA2]
SSDT spaj.sys ZwEnumerateValueKey [0xBA7A8030]
SSDT spaj.sys ZwOpenKey [0xBA78A0C0]
SSDT spaj.sys ZwQueryKey [0xBA7A8108]
SSDT spaj.sys ZwQueryValueKey [0xBA7A7F88]
SSDT spaj.sys ZwSetValueKey [0xBA7A819A]

INT 0x63 ? 84754BF8
INT 0x63 ? 84754BF8
INT 0x63 ? 84585BF8
INT 0x63 ? 84585BF8
INT 0x63 ? 84754BF8
INT 0x84 ? 84585BF8
INT 0x94 ? 84754BF8
INT 0x94 ? 84754BF8
INT 0x94 ? 84754BF8
INT 0x94 ? 84754BF8
INT 0x94 ? 84585BF8
INT 0x94 ? 84754BF8
INT 0xA4 ? 84585BF8
INT 0xB4 ? 84585BF8

---- Kernel code sections - GMER 1.0.15 ----

? spaj.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA5388AC 5 Bytes JMP 845851D8
.text aso49otp.SYS BA470384 1 Byte [20]
.text aso49otp.SYS BA470384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text aso49otp.SYS BA4703AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text aso49otp.SYS BA4703C4 3 Bytes [00, 00, 00]
.text aso49otp.SYS BA4703C9 1 Byte [00]
.text ...
.text win32k.sys!EngDeleteClip + 6B85 BF97E800 48 Bytes [FF, 55, 8B, EC, 8B, 45, 14, ...]
.text win32k.sys!EngDeleteClip + 6BB6 BF97E831 11 Bytes [76, 28, 85, F6, 75, 05, 83, ...] {JBE 0x2a; TEST ESI, ESI; JNZ 0xb; OR EAX, -0x1; JMP 0x5e}
.text win32k.sys!EngDeleteClip + 6BC2 BF97E83D 57 Bytes [86, 80, 00, 00, 00, 57, 8B, ...]
.text win32k.sys!EngDeleteClip + 6BFC BF97E877 133 Bytes [02, 83, C0, 08, 66, 83, E0, ...]
.text win32k.sys!EngDeleteClip + 6C82 BF97E8FD 14 Bytes [46, 60, 89, 45, AC, 8B, 46, ...] {INC ESI; PUSHA ; MOV [EBP-0x54], EAX; MOV EAX, [ESI+0x64]; AND EDX, 0x2; MOV [EBP-0x50], EAX}
.text ...
.text win32k.sys!HT_ComputeRGBGammaTable + 7E BF97F218 23 Bytes [08, FF, FF, 00, 00, 66, 83, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 96 BF97F230 20 Bytes [45, 0C, BE, 20, A1, 07, 00, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + AB BF97F245 40 Bytes CALL BF8FBA9F \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation)
.text win32k.sys!HT_ComputeRGBGammaTable + D4 BF97F26E 61 Bytes [00, 00, 00, 03, C6, 99, 8B, ...]
.text win32k.sys!HT_ComputeRGBGammaTable + 112 BF97F2AC 51 Bytes [FC, FF, 4D, 0C, 75, 8C, 8B, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 847572D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [BA7B06D0] spaj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [BA7B4708] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA78B046] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA78B142] spaj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA78B0C4] spaj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA78B7CE] spaj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA78B6A4] spaj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 845852D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA796D7A] spaj.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 847C21F8
Device \FileSystem\Fastfat \FatCdrom 843D1438
Device \Driver\usbuhci \Device\USBPDO-0 8463A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8463A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8463A1F8
Device \Driver\usbehci \Device\USBPDO-3 8462B1F8
Device \Driver\sptd \Device\1663558890 spaj.sys
Device \Driver\usbehci \Device\USBPDO-4 8462B1F8
Device \Driver\PCI_PNP8890 \Device\00000048 spaj.sys
Device \Driver\usbuhci \Device\USBPDO-5 8463A1F8
Device \Driver\usbuhci \Device\USBPDO-6 8463A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 847551F8
Device \Driver\usbuhci \Device\USBPDO-7 8463A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 847551F8
Device \Driver\Cdrom \Device\CdRom0 8458A500
Device \Driver\atapi \Device\Ide\IdePort0 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b [BA704B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8458A500
Device \Driver\Cdrom \Device\CdRom2 8458A500
Device \Driver\Cdrom \Device\CdRom3 8458A500
Device \Driver\Cdrom \Device\CdRom4 8458A500
Device \Driver\Cdrom \Device\CdRom5 8458A500
Device \Driver\USBSTOR \Device\00000079 845AE1F8
Device \Driver\usbuhci \Device\USBFDO-0 8463A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8463A1F8
Device \Driver\USBSTOR \Device\0000007b 845AE1F8
Device \Driver\usbuhci \Device\USBFDO-2 8463A1F8
Device \Driver\USBSTOR \Device\0000007c 845AE1F8
Device \Driver\usbehci \Device\USBFDO-3 8462B1F8
Device \Driver\USBSTOR \Device\0000007d 845AE1F8
Device \Driver\usbuhci \Device\USBFDO-4 8463A1F8
Device \Driver\Ftdisk \Device\FtControl 847551F8
Device \Driver\usbuhci \Device\USBFDO-5 8463A1F8
Device \Driver\usbuhci \Device\USBFDO-6 8463A1F8
Device \Driver\usbehci \Device\USBFDO-7 8462B1F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 847C41F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1 847C31F8
Device \Driver\aso49otp \Device\Scsi\aso49otp1 846061F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 847C41F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1Port7Path0Target0Lun0 847C31F8
Device \Driver\aso49otp \Device\Scsi\aso49otp1Port8Path0Target0Lun0 846061F8
Device \FileSystem\Fastfat \Fat 843D1438

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 843C83B0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xA7 0x66 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xD3 0xEA 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0xC1 0xEC 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xA7 0x66 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7B 0xD3 0xEA 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0xC1 0xEC 0xF1 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b932f3e2eb149f833083a742af7015cd834f9c75 10000 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b932f74f66d02a38da62cc2b3add062d13c4c0f8 19862 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b9371ff8c95bdc65f374b366044e34f0b57dd537 13732 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b937278dc9fe9c2321ed07543930027e44a7c6c8 10240 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b9373e73bc30f90747168aa6112712cda640cb32 14600 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b937451d018aca2b5bae3d5e6b458bb40df0df70 5468 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b937773c0457063820212e0693e327592054001d 20961 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b937779156d2f326c65be8e9240ccc3b5f207219 7627 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\3\b9379a6aae91f76cf2940d15bd693ac0d9df2ec6 3355 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b940574fa11610eb8fc195946f6f5d3e448a8afe 6742 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9406105e7e50fff45f707d94806f73bbf79e2ae 14886 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9406d39e98f9fbf358ffebff2a0cb3f807845d7 9746 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b940768ef906ee8c6b89147d03d052612759459e 38372 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9407bb34d0ff285345fca3b23c59fca8b04801e 23813 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b940b43752563f1db0c13e59659915bac7bbdec6 28677 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b940e77db1ea54c46f333ae44646692eb73e7091 3172 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94138d6d606b6f12957aae0ca8421034d8d9e85 5997 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9415912f7131b2ca53cf3b8897f6cc373e2c3b0 1650 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b947493b5d9fb3bf65eca727ab168d798ca84c2b 9058 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9475815379a6a61cd1f8341c924b654cca631cb 11508 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9478a6cb7ed1ba9f45ba6e7a622149264a50061 3245 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9479a242503199331cb0f20d2bd68c2fbf87eda 13055 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b947cc8301abb17fa31926560edccac89d806971 20374 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948134cdff9e3d1b7b349b82de161235684c313 10199 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9483a0aaa661b6bee21a9c57c1fd011b5fe2a73 5842 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9487b504da5aeb405972768ca5f48f56120eb85 10015 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9489a5dbc9ab605abf7fe2f8e7230439f3407fa 65237 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948a0e19f9d3cf9a9b3284da4f957532d329cc2 19428 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948a6188fe58475603098a750a9e8c0c7a8f05f 6537 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b949d3dda9d5db6d009955998fc881277cf10402 18960 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b949e1eb85b0b5d5acf285a107da4debf2ca3718 3823 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94a095102d711d8ade2161b6dd5b0f9643863aa 3448 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94a3eb90e03742ed048c79ce81956532b6ddfd3 3489 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94a8dfd6644c6f235f094c03e00f140bb80c824 11520 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94acbcc911711599689b8f043351ff818056442 3810 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94aee04fd02d045689d9e85833fe9227a440411 13155 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9434e5709f440b41f85171348cd725625782f85 3470 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94356131de7b36e90965d6eb659caac27d0d976 5535 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9435ad7d0dac24417d3fb4c2ef70aba08e2f0dd 15361 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9437ce1c2cc67733db2321ffbbe9ad5d3db6497 5321 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b943823e4870e2c11cdb220ae1db078d13e643f9 40086 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b943a22dc7a5eb241e73312b3f01a28f818d530e 12852 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b943d0d41f6ebb219b64e34e63befb3d2a791f77 32451 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b943e1fcedd5408651168d29e84f585502236f3c 9523 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b944360218c8de7f67553daa1af8169dcb0b930c 9780 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94464e4572a4d4e5d7056141949dbb4108c56ae 42957 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9448469567d6302ea74529e1369c2d98f0aeca0 17865 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94cb1f2a7e64151b96032a0b1101f7e74de946f 17985 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94cc98245e24ee7315d7b83cbbec01a6ab6d931 7619 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94cf115ff2e1bf883bf454750b8204de9204fc7 4800 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94d8702e786fdba7a0b1034ec8bcf56eaf60440 5612 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94d9ad3bde6acfa0977a18fd83b878cf06281d8 4890 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94e1a6f5851979cbf3965fcec4c645efa730caa 3077 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94e2226b9466ad033601f8c7bb78c608268b366 13144 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94e6e437574f32a09a308c184ea450ff4584f6a 45793 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94eb42c4fbda7b16697ecc4e40673bdab5418f6 29188 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94169bd01280c98d6f00db9caf42fb77fa0e50e 23973 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94344f40cf65355de6ee47506e006b1372f2b81 33302 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b944d34bccc200c4db60b6021bf196c603dca8e1 24265 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948a8aaebce5267a20930b9bc89b6536a3155f4 2991 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94b16959064e5b83efb0ac2fd4d2bb7c8063385 4009 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94ca55cad15f52406eb3272720409e9b7c5f110 3974 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948a950b575ed213d3a299ea10096d6ff42946a 3534 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b948d4a14ae740f7f8cd3740c56dbf32328339ea 6116 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9491c4654103f20d94a6deeccf4247eb791a207 10634 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94937d190ce1f362836a8a4a184b5846ada6dc1 6913 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94944616ca588cf27d13e1cd1fd47fac55e2dec 12432 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94952467964872a058dccc4b947f47ca512b845 4209 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9496d7f266b9c86adba931399943e338b87d876 3222 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9497496af4d4475a32afc3171b3ee2fe2b891d6 8399 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9498a4b2527e66fd3b08d6d19ca6144cc7f7ba8 32810 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94181249eacd17f81be306ce6914fb1b57d651c 29958 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b941bfc3ce5a270926adf688cc8a2a5dd9a2c893 6649 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b941c897829f77fa77829b414d37f8edbf90c236 6555 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94221d0a8a520a9a87ab096494d0d26b39eed52 17200 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b942276b84153ac0f1cac9841bfac28f0a88d851 5283 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9426f26c33031b4855cb331ebfa672a1328e9a4 5845 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9429f1979d31f3c1258c96111e7a72826ef22f2 12032 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b942ea283fd52f2e63a00bb5a338ad57dc3a6374 10050 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9430df8f6a57ce3d7a16c89a49b67206d9a5919 12438 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94313f25b0076d9feff27fb1be37f67c6d5f104 5238 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9452832a069dfa402845df245e7523ab045e747 11850 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9453609b78f8c5b7c6ab3252b9c92feddca9953 34828 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94556780db8a83fffe1e9d03c96fd25804e962c 5381 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b945d1a1bf28a869077db5370f021e5a7de14b17 31291 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b945f24b0a9f2254781ed572f76190b224e96623 4033 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9468900f0c9e1e50aec161df0626be3a0835f76 15012 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9468bd8d9a8d2a52990b0252cd566a247565992 3943 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b946940b46696895a3fdce1ec154c95890533cd5 24544 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b9470f612172aad1d13b4a4d028f29a2bc50d38d 11021 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94b293bda32163e301b6826bc93d36e7f67ea0b 19825 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94b584cc2dae95d0995513e97fca3f2b12fb380 15215 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94bd2205543862b86848923b52a684f9f0ca7c5 40348 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94c2b6e25dfa6bb006e59458fe381611101fdca 6540 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94c2f6333a91db820a7b09a114ce07431eaa64e 17269 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94c57399d63c0780e5930e48f4d899b1b91fe88 19823 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94c869103fbd21d97a8b1fc8d66506d34dcba7a 7114 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94ec03d69a4da7211e1092d150010778246c85b 17298 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94f18799c73b475b932c38a4729940c9c7b88d8 4224 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94f4a22c96345a3e69fcd5b94091e7e42f5b87d 14812 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94f52ba55e968b3213a456ddc28d89b9ec97888 10971 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94f574916b6d329d09e5966a86fe2c7953cc7d0 19984 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94f67236be092e3f2d9161638925fe38b1b3a4b 5299 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94fbe4a9dcbb50a51ab47138c7387dd45c97b58 4208 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\4\b94fe0f1a9bdb00bcf3a88e9bd58b2454a3afa14 10516 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b03951fc774be706333ed4b38d338c347c279d 2933 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b05328a44198f9c47dab2da0018fd3ae010439 8858 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b05f1a752892a27092574d6dc6294335142d25 36075 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b106c0de0cd70bce20e03c061d4a6fc0011794 78134 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b1577f56f7c77dbaf13dcf61a7526dc7adca94 5845 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b180a2bcb042cb10df2bda994f1e805f23bd15 40413 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b18b969d95eeee3a510635899bc1536b8ab5af 8185 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b25d51dd90414b5b91ba44d19969ee3b1df897 12487 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b2b4e50678188067ad57c310f7a6ad916efceb 24197 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b2c13663ddf2b7a94a207d1fe1cb5c2812d581 5128 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b2d969813aa5a81d389a94844923ee0479e0a9 15207 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b7535026086c88f1c1d0e77d4139a563385669 21033 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b77114a48da9ce0bace5e86fea2c52a16279b1 26202 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b782f05852dbda9a355a5c5f32767b1c2a7cc7 3949 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b7ade0b5a92667e0997f5d45cf6d182551408e 20879 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b7e0c5d1d948afe5885201b9e8e360d734d978 7979 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8053554c8103c44ae53412ef5be1f3ec10bd7 81695 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b814bfec72f5be441a9f66e04fb3ffdee24a5a 21718 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b817c5d1bf8a306de6e6fd643da980d7b96133 12043 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b860e50617d7a5f42fd008753d42b57b5a6d20 14088 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bd9ddb6ccaeb485d7890cba419e78d64e7581a 10498 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bdb862b8847f4a06d8da93e7cd5b283b935e76 9827 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bdd0f41cd1a307a258ad4872085894fdf35fa1 6500 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9be24c6c9065bd8972023f84c4ca5ee2c68a4c2 2404 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9be92052911056a1bccd68da6a874e343156958 4762 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bec8079ba4c1ee33bba582fd3ec17f1063d13b 6677 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9beddee125a9fc3b64a961088e57554ba7f8416 3535 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bef664be79e238568db684bf215f81e1b56aa7 19921 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bf326f998f0d84b5df8214ec69251ca38804fc 6584 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bf9769da02d9eba14d7a6583276574f54c2d05 7294 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bfbcf00861bac3463b692cc75bec016c31e86b 90044 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bfec9122fb2c9bee089f1f3c8aa172ecc9bb58 16824 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b98b4ab4e50efbc7a21558bd13769dea716690 4527 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b9ca93fe6827bab5b29de9257813766bd06bb5 4959 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b9f8fcc2319e446364e03ab4c3aa83bca62ee1 11323 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9ba1ea4101887f20da5187427117dbc3747843c 14486 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9ba86e6b4c6079d95e903308b400df5b51c2b2a 15157 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9baea69e13bfa89f2d4e753e7443010a46f01a5 24394 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb456eac8f43aa79afb1b3d90acb1047de21b1 7062 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb6a4dc485dba99698a99cc4c2c783d1e33398 12496 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb6b9260ba6f0ad2ac589b85eb9dee571a6c68 14268 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4369dbffe9c24a31ca55b2f85f3f9a91516d2 3041 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4372d013ed05ab142b553569df4b29849acf4 15512 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4ae1a617dcbb2f85f2683aff0af8acafcfdcf 9129 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4b1279cdba05cd3f836a8b3efac41f7e61cd6 12346 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4b662a4db7c4840fe4ae223a5e9ab57639e98 27992 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4f3d08c55ee3041f8526c4771ae16f9949df1 2794 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b4f44a71f3fef51afaded3fe279f756a452fea 6042 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b2e7cfb36e5657c7d329e7e03ccdc8ec1f8b79 4980 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b433392ee672780b8e0128021371ee4215f498 7280 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b5137eab94b60056cab79666c67be014adb441 19188 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b97a6651105a5c2c3c66096d0b926fc4cdcc3c 14810 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb6d8a6daf40a332a5898f96264a5e1c516a8f 5782 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8a5a352f9054b4c2888c03a393515991df22f 4547 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8b58f95645fb3c2f33d058c7507f3256aeee8 16079 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8c1e95760196338fca764ac1b34c97a2bb346 4312 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8cb8bde0f0277c3811d0e6ab8f887604143e7 15295 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8f44a070f20341fefdea070785dd134ed336d 13303 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b8f4ce3fe49d53ce3ac35b41a35bb426ed077f 16465 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b91abedc271a9b91048a6cf87203d46252b3f4 6286 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b958ad14b113b4f7811d1dcc23e9bbc2174cf7 4382 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b9659a58e426aa874d03c6c3192d20dcea3089 5420 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b3027e77c19e90d4c9def4b3c6f166ec1220f2 5456 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b30fff1c066c177fc09bf5a11924a2c5683a7d 7971 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b31f17820ace78cd40828f5acb4d403b4f72dc 34199 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b341cba7baecec3e32c85b9a65b87e726e07df 7639 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b38ae4129970e24e301cb2ca5ff264005ea472 5786 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b3919cd4e8b105a3396620b1eaf46b23a6b1d7 3418 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b3b29cbd1540b9c900163ce78996f2f61545d8 29697 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b3bc7faa1ce0d2eec78190247d4001854b506f 45422 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b409aec65b7df8c8cd37497b05001f8cac6635 12937 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b40b27b7c125a658d1f029a6f0fe11ab7986d3 9284 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb6e66190465e2154bc837f5fecfdc957b8f90 4259 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb8c1d1409b1363ce36c7436d0534ce71145ef 3631 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb92b559087e25eb8ddab0e4d7d9d2fe68f181 12404 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bb9d13309c1f31e67b87c6e89ab941f74b3749 14017 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bbafa79a6857fb7fea42c4051f2796e3c7f91d 16127 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bc12b116e622cd04f08bc61b24624da5a17a10 23264 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bc340b76cd342f20642a0e786bbebcc7c93532 91232 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bc97592520eb23ddaae0522a7438567e308508 4351 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bcae807760f0d8c15df08888283641b7ecad9d 11168 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bcdbff9706679d21f6091a7a1d89d80c924f9e 10666 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bd2ef79d27014a1b829a7aecb18e7be12bbb0f 5504 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9bd7c309f4156deca8c91f6c5d2eae5cf5f8a4f 13545 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b53aa6981c845e0dd37948e020c2a306bbc93f 3494 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b53d76c318d1a6d7d28937dc1a3eab0f483fca 4564 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b552e8f7218691e09cb29a12102890c9d3c030 4689 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b5cfa8cf16ed78287ab485fce1bac0aac7f5e1 14211 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b5d42251f7f26969789d34d411d96b77ba36d5 4135 bytes
File C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\b9\b\b9b60d7359d500a758d10cbc354c9a616ae7d96e 3824 bytes

---- EOF - GMER 1.0.15 ----


#7 TTPerotti

Posted 25 April 2010 - 02:48 AM

OTL logfile created on: 4/24/2010 10:20:25 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = M:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 95.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 238.84 Gb Total Space | 19.16 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive D: | 59.25 Gb Total Space | 59.18 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT

Computer Name: ELCID
Current User Name: Tristan
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/07 20:40:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Stopped] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/25 10:15:00 | 000,042,120 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - [2009/09/25 10:14:54 | 000,135,816 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - [2009/09/02 15:29:06 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - [2008/11/04 13:35:24 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/27 11:04:07 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/17 00:09:52 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/05/16 11:42:02 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/04 19:17:54 | 000,022,024 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2007/01/04 19:17:46 | 000,048,648 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2007/01/04 19:17:38 | 000,035,336 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2005/12/29 18:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/11/29 04:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 07:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 03:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/01/28 18:43:14 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 11:04:31 | 000,000,000 | ---D | M]

[2009/09/25 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions
[2008/08/25 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions
[2009/09/26 23:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/18 13:46:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/24 17:53:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Final Codecs\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKCU..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O4 - Startup: C:\Documents and Settings\Tristan\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop WallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/16 17:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\open\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/25 14:34:08 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {4J2W12JN-24YC-1KEY-3W83-4A0007DEHM43} - C:\WINDOWS\system32\MSOffice\update.exe Restart
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 16:31:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/19 19:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT
[2010/04/19 17:42:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/19 17:42:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/19 17:42:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/19 17:42:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/19 17:42:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/19 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/04/18 13:47:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:47:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:18:25 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/04/18 13:18:24 | 000,282,624 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\WG311v3XP.sys
[2010/04/18 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/13 12:58:01 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/09 13:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\Aspyr
[2010/04/08 20:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr
[2010/04/08 19:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\Aspyr
[2010/04/02 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\famitracker
[2010/03/30 13:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 22:16:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 22:02:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 22:00:09 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 22:00:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/24 21:59:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/24 21:59:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 21:59:51 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004UA.job
[2010/04/24 21:35:11 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tristan\NTUSER.DAT
[2010/04/24 21:32:06 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 21:32:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 21:32:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 21:30:53 | 000,028,544 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 21:24:54 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 21:23:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tristan\ntuser.ini
[2010/04/24 21:22:17 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/19 18:45:00 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 17:28:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\default.rss
[2010/04/19 17:28:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 13:26:49 | 000,479,336 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 11:04:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/19 03:02:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 00:03:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 20:40:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004Core.job
[2010/04/18 14:39:12 | 000,112,144 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:58 | 000,076,880 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:46:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:46:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 13:46:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:40:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/18 13:18:15 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:53:44 | 006,013,987 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/07 09:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 13:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 20:27:37 | 000,098,738 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/31 02:57:00 | 002,644,140 | -H-- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/03/30 13:52:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/26 18:43:07 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 21:22:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:22 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 21:22:18 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 21:22:16 | 000,368,128 | RHS- | C] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/24 21:22:16 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/19 18:45:00 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 18:44:10 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\chrtmp
[2010/04/19 13:26:49 | 000,479,336 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 00:03:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 14:39:10 | 000,112,144 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:56 | 000,076,880 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:18:15 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:58:46 | 006,013,987 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/12 17:46:16 | 000,084,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 20:27:37 | 000,098,738 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/30 13:52:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/05 14:41:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/30 23:48:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 00:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/05 00:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/05 00:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/05 00:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/26 11:49:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2009/05/10 09:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 09:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 12:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/05/07 19:58:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/09 15:36:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 20:30:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/01 00:13:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/04 13:35:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 13:35:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 13:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 13:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 13:35:28 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/11 19:13:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 20:36:07 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/09/12 20:26:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/12 20:25:59 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/09/12 20:25:29 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/09/12 20:25:23 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/09/02 13:04:39 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/09/02 13:04:39 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/09/02 13:04:39 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/09/02 13:04:39 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/02 13:04:39 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/09/02 13:04:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/02 13:04:39 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/09/02 13:04:39 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/08/27 11:04:07 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/12/28 22:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/28 22:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 08:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/28 03:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 03:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/09/15 07:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005/04/21 11:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/09/16 17:26:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== LOP Check ==========

[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\TFIMEGGKEN.job
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/02/06 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/30 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/08/30 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/11 12:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/04/24 21:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/15 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/04/13 13:00:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/26 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/24 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/23 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/06 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/09 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/18 17:46:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2010/01/27 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/08/23 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/08/26 23:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/03/30 13:40:12 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2010/02/06 18:01:04 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

< %APPDATA%\*. >
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2010/02/12 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Adobe
[2009/09/11 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Apple Computer
[2009/03/11 12:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\AVS4YOU
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2008/09/16 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DivX
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2009/11/03 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\dvdcss
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/09/16 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Google
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/10/07 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Help
[2008/08/25 22:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Identities
[2010/01/05 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InstallShield
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/08/25 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Macromedia
[2009/05/01 22:16:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tristan\Application Data\Microsoft
[2010/02/14 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla
[2009/02/26 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Nero
[2010/04/24 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\OpenOffice.org2
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2008/10/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Real
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/27 16:10:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tristan\Application Data\SecuROM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2008/09/05 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Sun
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2009/05/07 20:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ventrilo
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2008/08/25 23:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\WinRAR
[2010/01/05 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2010/01/05 14:41:19 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\ezpinst.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009/02/13 15:13:23 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/08/27 11:04:07 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/08/25 14:38:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/25 14:38:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/25 14:38:26 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wbdbasez.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZA4UU6YugcZeS7T24L17Xgj
@Alternate Data Stream - 1211 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5i2eKQfP0wxSK4fi8b4T

< End of report >

========== Processes (SafeList) ==========

PRC - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
PRC - [2010/04/03 23:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/07 20:40:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Stopped] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/25 10:15:00 | 000,042,120 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - [2009/09/25 10:14:54 | 000,135,816 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - [2009/09/02 15:29:06 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - [2008/11/04 13:35:24 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/27 11:04:07 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/17 00:09:52 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/05/16 11:42:02 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/04 19:17:54 | 000,022,024 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2007/01/04 19:17:46 | 000,048,648 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2007/01/04 19:17:38 | 000,035,336 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2005/12/29 18:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/11/29 04:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 07:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 03:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/01/28 18:43:14 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 11:04:31 | 000,000,000 | ---D | M]

[2009/09/25 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions
[2008/08/25 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions
[2009/09/26 23:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/18 13:46:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/24 17:53:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Final Codecs\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKCU..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O4 - Startup: C:\Documents and Settings\Tristan\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop WallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/16 17:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\open\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 16:31:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/19 19:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT
[2010/04/19 17:42:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/19 17:42:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/19 17:42:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/19 17:42:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/19 17:42:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/19 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/04/18 13:47:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:47:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:18:25 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/04/18 13:18:24 | 000,282,624 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\WG311v3XP.sys
[2010/04/18 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/13 12:58:01 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/09 13:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\Aspyr
[2010/04/08 20:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr
[2010/04/08 19:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\Aspyr
[2010/04/02 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\famitracker
[2010/03/30 13:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 22:16:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 22:02:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 22:00:09 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 22:00:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/24 21:59:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/24 21:59:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 21:59:51 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004UA.job
[2010/04/24 21:35:11 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tristan\NTUSER.DAT
[2010/04/24 21:32:06 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 21:32:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 21:32:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 21:30:53 | 000,028,544 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 21:24:54 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 21:23:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tristan\ntuser.ini
[2010/04/24 21:22:17 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/19 18:45:00 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 17:28:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\default.rss
[2010/04/19 17:28:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 13:26:49 | 000,479,336 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 11:04:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/19 03:02:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 00:03:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 20:40:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004Core.job
[2010/04/18 14:39:12 | 000,112,144 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:58 | 000,076,880 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:46:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:46:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 13:46:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:40:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/18 13:18:15 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:53:44 | 006,013,987 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/07 09:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 13:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 20:27:37 | 000,098,738 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/31 02:57:00 | 002,644,140 | -H-- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/03/30 13:52:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/26 18:43:07 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 21:22:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:22 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 21:22:18 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 21:22:16 | 000,368,128 | RHS- | C] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/24 21:22:16 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/19 18:45:00 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 18:44:10 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\chrtmp
[2010/04/19 13:26:49 | 000,479,336 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 00:03:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 14:39:10 | 000,112,144 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:56 | 000,076,880 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:18:15 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:58:46 | 006,013,987 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/12 17:46:16 | 000,084,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 20:27:37 | 000,098,738 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/30 13:52:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/05 14:41:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/30 23:48:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 00:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/05 00:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/05 00:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/05 00:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/26 11:49:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2009/05/10 09:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 09:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 12:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/05/07 19:58:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/09 15:36:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 20:30:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/01 00:13:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/04 13:35:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 13:35:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 13:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 13:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 13:35:28 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/11 19:13:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 20:36:07 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/09/12 20:26:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/12 20:25:59 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/09/12 20:25:29 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/09/12 20:25:23 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/09/02 13:04:39 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/09/02 13:04:39 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/09/02 13:04:39 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/09/02 13:04:39 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/02 13:04:39 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/09/02 13:04:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/02 13:04:39 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/09/02 13:04:39 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/08/27 11:04:07 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/12/28 22:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/28 22:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 08:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/28 03:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 03:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/09/15 07:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005/04/21 11:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/09/16 17:26:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== LOP Check ==========

[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\TFIMEGGKEN.job
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/02/06 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/30 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/08/30 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/11 12:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/04/24 21:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/15 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/04/13 13:00:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/26 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/24 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/23 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/06 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/09 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/18 17:46:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2010/01/27 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/08/23 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/08/26 23:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/03/30 13:40:12 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2010/02/06 18:01:04 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

< %APPDATA%\*. >
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2010/02/12 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Adobe
[2009/09/11 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Apple Computer
[2009/03/11 12:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\AVS4YOU
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2008/09/16 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DivX
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2009/11/03 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\dvdcss
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/09/16 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Google
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/10/07 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Help
[2008/08/25 22:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Identities
[2010/01/05 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InstallShield
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/08/25 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Macromedia
[2009/05/01 22:16:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tristan\Application Data\Microsoft
[2010/02/14 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla
[2009/02/26 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Nero
[2010/04/24 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\OpenOffice.org2
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2008/10/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Real
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/27 16:10:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tristan\Application Data\SecuROM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2008/09/05 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Sun
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2009/05/07 20:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ventrilo
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2008/08/25 23:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\WinRAR
[2010/01/05 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2010/01/05 14:41:19 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\ezpinst.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009/02/13 15:13:23 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05

OTL logfile created on: 4/24/2010 10:20:25 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = M:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 95.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 238.84 Gb Total Space | 19.16 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive D: | 59.25 Gb Total Space | 59.18 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT

Computer Name: ELCID
Current User Name: Tristan
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/07 20:40:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Stopped] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/25 10:15:00 | 000,042,120 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - [2009/09/25 10:14:54 | 000,135,816 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - [2009/09/02 15:29:06 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - [2008/11/04 13:35:24 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/27 11:04:07 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/17 00:09:52 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/05/16 11:42:02 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/04 19:17:54 | 000,022,024 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2007/01/04 19:17:46 | 000,048,648 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2007/01/04 19:17:38 | 000,035,336 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2005/12/29 18:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/11/29 04:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 07:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 03:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/01/28 18:43:14 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 11:04:31 | 000,000,000 | ---D | M]

[2009/09/25 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions
[2008/08/25 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions
[2009/09/26 23:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/18 13:46:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/24 17:53:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Final Codecs\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKCU..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O4 - Startup: C:\Documents and Settings\Tristan\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop WallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/16 17:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\open\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/25 14:34:08 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {4J2W12JN-24YC-1KEY-3W83-4A0007DEHM43} - C:\WINDOWS\system32\MSOffice\update.exe Restart
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 16:31:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/19 19:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT
[2010/04/19 17:42:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/19 17:42:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/19 17:42:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/19 17:42:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/19 17:42:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/19 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/04/18 13:47:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:47:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:18:25 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/04/18 13:18:24 | 000,282,624 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\WG311v3XP.sys
[2010/04/18 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/13 12:58:01 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/09 13:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\Aspyr
[2010/04/08 20:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr
[2010/04/08 19:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\Aspyr
[2010/04/02 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\famitracker
[2010/03/30 13:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 22:16:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 22:02:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 22:00:09 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 22:00:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/24 21:59:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/24 21:59:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 21:59:51 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004UA.job
[2010/04/24 21:35:11 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tristan\NTUSER.DAT
[2010/04/24 21:32:06 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 21:32:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 21:32:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 21:30:53 | 000,028,544 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 21:24:54 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 21:23:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tristan\ntuser.ini
[2010/04/24 21:22:17 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/19 18:45:00 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 17:28:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\default.rss
[2010/04/19 17:28:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 13:26:49 | 000,479,336 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 11:04:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/19 03:02:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 00:03:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 20:40:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004Core.job
[2010/04/18 14:39:12 | 000,112,144 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:58 | 000,076,880 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:46:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:46:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 13:46:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:40:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/18 13:18:15 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:53:44 | 006,013,987 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/07 09:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 13:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 20:27:37 | 000,098,738 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/31 02:57:00 | 002,644,140 | -H-- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/03/30 13:52:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/26 18:43:07 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 21:22:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:22 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 21:22:18 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 21:22:16 | 000,368,128 | RHS- | C] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/24 21:22:16 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/19 18:45:00 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 18:44:10 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\chrtmp
[2010/04/19 13:26:49 | 000,479,336 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 00:03:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 14:39:10 | 000,112,144 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:56 | 000,076,880 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:18:15 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:58:46 | 006,013,987 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/12 17:46:16 | 000,084,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 20:27:37 | 000,098,738 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/30 13:52:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/05 14:41:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/30 23:48:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 00:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/05 00:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/05 00:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/05 00:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/26 11:49:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2009/05/10 09:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 09:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 12:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/05/07 19:58:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/09 15:36:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 20:30:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/01 00:13:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/04 13:35:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 13:35:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 13:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 13:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 13:35:28 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/11 19:13:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 20:36:07 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/09/12 20:26:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/12 20:25:59 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/09/12 20:25:29 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/09/12 20:25:23 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/09/02 13:04:39 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/09/02 13:04:39 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/09/02 13:04:39 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/09/02 13:04:39 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/02 13:04:39 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/09/02 13:04:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/02 13:04:39 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/09/02 13:04:39 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/08/27 11:04:07 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/12/28 22:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/28 22:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 08:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/28 03:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 03:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/09/15 07:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005/04/21 11:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/09/16 17:26:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== LOP Check ==========

[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\TFIMEGGKEN.job
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/02/06 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/30 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/08/30 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/11 12:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/04/24 21:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/15 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/04/13 13:00:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/26 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/24 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/23 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/06 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/09 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/18 17:46:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2010/01/27 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/08/23 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/08/26 23:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/03/30 13:40:12 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2010/02/06 18:01:04 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

< %APPDATA%\*. >
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2010/02/12 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Adobe
[2009/09/11 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Apple Computer
[2009/03/11 12:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\AVS4YOU
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2008/09/16 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DivX
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2009/11/03 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\dvdcss
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/09/16 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Google
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/10/07 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Help
[2008/08/25 22:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Identities
[2010/01/05 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InstallShield
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/08/25 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Macromedia
[2009/05/01 22:16:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tristan\Application Data\Microsoft
[2010/02/14 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla
[2009/02/26 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Nero
[2010/04/24 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\OpenOffice.org2
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2008/10/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Real
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/27 16:10:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tristan\Application Data\SecuROM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2008/09/05 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Sun
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2009/05/07 20:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ventrilo
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2008/08/25 23:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\WinRAR
[2010/01/05 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2010/01/05 14:41:19 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\ezpinst.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009/02/13 15:13:23 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/08/27 11:04:07 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/08/25 14:38:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/25 14:38:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/25 14:38:26 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wbdbasez.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZA4UU6YugcZeS7T24L17Xgj
@Alternate Data Stream - 1211 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5i2eKQfP0wxSK4fi8b4T

< End of report >

========== Processes (SafeList) ==========

PRC - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
PRC - [2010/04/03 23:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
MOD - [2008/04/14 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/07 20:40:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Stopped] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/25 10:15:00 | 000,042,120 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - [2009/09/25 10:14:54 | 000,135,816 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - [2009/09/02 15:29:06 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - [2008/11/04 13:35:24 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/27 11:04:07 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/17 00:09:52 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/05/16 11:42:02 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/04 19:17:54 | 000,022,024 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2007/01/04 19:17:46 | 000,048,648 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2007/01/04 19:17:38 | 000,035,336 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2005/12/29 18:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/11/29 04:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 07:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 03:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/01/28 18:43:14 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 11:04:31 | 000,000,000 | ---D | M]

[2009/09/25 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions
[2008/08/25 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions
[2009/09/26 23:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/19 17:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/18 13:46:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/24 17:53:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Final Codecs\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
O4 - HKCU..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe (mIRC Co. Ltd.)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O4 - Startup: C:\Documents and Settings\Tristan\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop WallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/16 17:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\open\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 16:31:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/19 19:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT
[2010/04/19 17:42:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/19 17:42:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/19 17:42:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/19 17:42:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/19 17:42:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/19 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/04/18 13:47:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:47:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:18:25 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/04/18 13:18:24 | 000,282,624 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\WG311v3XP.sys
[2010/04/18 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/13 12:58:01 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/09 13:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\Aspyr
[2010/04/08 20:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr
[2010/04/08 19:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\Aspyr
[2010/04/02 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\famitracker
[2010/03/30 13:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/24 22:16:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 22:02:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 22:00:09 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 22:00:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/24 21:59:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/24 21:59:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 21:59:51 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004UA.job
[2010/04/24 21:35:11 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tristan\NTUSER.DAT
[2010/04/24 21:32:06 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 21:32:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 21:32:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 21:30:53 | 000,028,544 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 21:24:54 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 21:23:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tristan\ntuser.ini
[2010/04/24 21:22:17 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/19 18:45:00 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 17:28:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\default.rss
[2010/04/19 17:28:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 13:26:49 | 000,479,336 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 11:04:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/19 03:02:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 00:03:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 20:40:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004Core.job
[2010/04/18 14:39:12 | 000,112,144 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:58 | 000,076,880 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:46:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:46:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 13:46:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:40:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/18 13:18:15 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:53:44 | 006,013,987 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/07 09:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 13:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 20:27:37 | 000,098,738 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/31 02:57:00 | 002,644,140 | -H-- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/03/30 13:52:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/26 18:43:07 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 21:22:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\Qdypaa.exe
[2010/04/24 21:22:22 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/24 21:22:18 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 21:22:16 | 000,368,128 | RHS- | C] () -- C:\WINDOWS\System32\wbdbasez.dll
[2010/04/24 21:22:16 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
[2010/04/19 18:45:00 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 18:44:10 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\chrtmp
[2010/04/19 13:26:49 | 000,479,336 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 00:03:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 14:39:10 | 000,112,144 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:56 | 000,076,880 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:18:15 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/18 13:18:15 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/13 12:59:39 | 000,001,381 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:58:46 | 006,013,987 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/12 17:46:16 | 000,084,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 20:27:37 | 000,098,738 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/30 13:52:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/05 14:41:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/30 23:48:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 00:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/05 00:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/05 00:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/05 00:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/26 11:49:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2009/05/10 09:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 09:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 12:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/05/07 19:58:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/09 15:36:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 20:30:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/01 00:13:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/04 13:35:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 13:35:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 13:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 13:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 13:35:28 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/11 19:13:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 20:36:07 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/09/12 20:26:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/12 20:25:59 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/09/12 20:25:29 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/09/12 20:25:23 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/09/02 13:04:39 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/09/02 13:04:39 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/09/02 13:04:39 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/09/02 13:04:39 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/02 13:04:39 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/09/02 13:04:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/02 13:04:39 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/09/02 13:04:39 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/08/27 11:04:07 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/12/28 22:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/28 22:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 08:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/28 03:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 03:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/09/15 07:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005/04/21 11:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/09/16 17:26:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== LOP Check ==========

[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\TFIMEGGKEN.job
[2010/04/24 22:00:06 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/24 22:00:05 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/01/06 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/02/06 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/30 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/08/30 10:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/11 12:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/01/05 14:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/06/29 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2009/09/20 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/04/24 21:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/15 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/04/13 13:00:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/26 13:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/24 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/23 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/06 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/09 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/09/01 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/02/18 17:46:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2008/08/25 23:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2010/01/27 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/08/23 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2004/09/16 17:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/08/26 23:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/05 10:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 13:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/03/30 13:40:12 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2010/02/06 18:01:04 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

< %APPDATA%\*. >
[2009/12/16 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ableton
[2010/02/12 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Adobe
[2009/09/11 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Apple Computer
[2009/03/11 12:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\AVS4YOU
[2009/04/27 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock
[2010/04/16 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Bioshock2
[2010/04/19 19:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BitTorrent
[2008/08/27 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\BSplayer PRO
[2008/09/16 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Canneverbe_Limited
[2008/08/27 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DAEMON Tools
[2010/04/04 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DisplayFusion
[2008/09/16 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DivX
[2010/04/24 22:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\DNA
[2009/11/03 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\dvdcss
[2008/12/02 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\GARMIN
[2009/09/24 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Garritan
[2010/04/24 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Gmote
[2008/09/16 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Google
[2008/12/15 00:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\gtk-2.0
[2008/10/07 11:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Help
[2008/08/25 22:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Identities
[2010/01/05 14:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InstallShield
[2008/08/25 22:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\InterTrust
[2008/12/12 21:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\LimeWire
[2008/08/25 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Macromedia
[2009/05/01 22:16:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tristan\Application Data\Microsoft
[2010/02/14 18:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla
[2009/02/26 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Nero
[2010/04/24 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\OpenOffice.org2
[2008/10/11 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\PACE Anti-Piracy
[2008/10/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Real
[2009/05/26 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\ScummVM
[2008/08/27 16:10:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Tristan\Application Data\SecuROM
[2008/08/25 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Songbird2
[2008/09/05 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Sun
[2010/04/19 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ubisoft
[2009/05/07 20:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Ventrilo
[2010/01/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Vso
[2008/10/13 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves
[2008/10/13 19:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Audio
[2010/02/06 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Waves Preferences
[2008/08/25 23:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\WinRAR
[2010/01/05 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2010/01/05 14:41:19 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\ezpinst.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009/02/13 15:13:23 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009/02/13 15:13:23 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Tristan\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/08/27 11:04:07 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/08/25 14:38:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/25 14:38:26 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/25 14:38:26 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wbdbasez.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZA4UU6YugcZeS7T24L17Xgj
@Alternate Data Stream - 1211 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5i2eKQfP0wxSK4fi8b4T

< End of report >

#8 TTPerotti

Posted 25 April 2010 - 02:53 AM

The computer booted up into normal mode, but I got a few error messages upon startup, and some of the scans didn't work as described (logs weren't created, one caused a random reboot), so I tried everything in safe mode and it worked out. I didn't open a browser, and I had the internet disabled, but no rogue pages popped up.

#9 thcbytes

  • Malware Response Team

Posted 25 April 2010 - 09:15 AM

Well done.

Glad you're able to boot again.

==========

P2P Warning

Your log indicates that you have BitTorrent, BTDNA, & LimeWire installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall BitTorrent, BTDNA, & LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


==========

Please do this next.................

In safe mode with networking please....

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    O4 - HKCU..\Run: [MSOffice] C:\WINDOWS\system32\MSOffice\update.exe ( .)
    O4 - HKCU..\Run: [YVIBBBHA8C] C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\MSOffice\update.exe ( .)
    O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\AutoRun\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
    O33 - MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\Shell\open\command - "" = ._.Trashes -- [2010/04/23 16:21:36 | 000,004,096 | -H-- | M] ()
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- File not found
    [1 C:\Documents and Settings\Tristan\*.tmp files -> C:\Documents and Settings\Tristan\*.tmp -> ]
    [2010/04/24 21:59:54 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
    [2010/04/24 21:22:17 | 000,156,672 | ---- | M] () -- C:\WINDOWS\Qdypaa.exe
    [2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () -- C:\WINDOWS\System32\wbdbasez.dll
    [2010/04/24 21:22:22 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/04/24 21:22:18 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/04/24 21:22:16 | 000,368,128 | RHS- | C] () -- C:\WINDOWS\System32\wbdbasez.dll
    [2010/04/24 21:22:16 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\TFIMEGGKEN.job
    [2010/04/24 21:22:16 | 000,368,128 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wbdbasez.dll
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
    @Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZA4UU6YugcZeS7T24L17Xgj
    @Alternate Data Stream - 1211 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5i2eKQfP0wxSK4fi8b4T

    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Now boot into normal mode and do this please....

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Please re-run OTL in normal mode and post a log.

==========

With your next post please provide:

* OTL fix log
* MBAM log
* OTL.txt
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 TTPerotti

Posted 25 April 2010 - 01:47 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSOffice deleted successfully.
C:\WINDOWS\System32\MSOffice\update.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Documents and Settings\Tristan\Local Settings\Temp\Qld.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\WINDOWS\system32\MSOffice\update.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\WINDOWS\system32\MSOffice\update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\ not found.
._.Trashes moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d64ce2a-c8e0-11dd-9cb0-001cc02a0116}\ not found.
.Trashes\501 folder moved successfully.
.Trashes folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\SWTFU_Autorun.exe not found.
C:\Documents and Settings\Tristan\(null)id.tmp deleted successfully.
C:\WINDOWS\tasks\TFIMEGGKEN.job moved successfully.
C:\WINDOWS\Qdypaa.exe moved successfully.
C:\WINDOWS\system32\wbdbasez.dll moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
File C:\WINDOWS\System32\wbdbasez.dll not found.
File C:\WINDOWS\tasks\TFIMEGGKEN.job not found.
File C:\WINDOWS\system32\wbdbasez.dll not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:ZA4UU6YugcZeS7T24L17Xgj deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:5i2eKQfP0wxSK4fi8b4T deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Tristan
->Temp folder emptied: 2915121 bytes
->Temporary Internet Files folder emptied: 3493896 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3016975 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 927 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114688 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1295804036 bytes

Total Files Cleaned = 1,245.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: test

User: Tristan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.2.0 log created on 04252010_135616

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2010 11:40:51 AM
mbam-log-2010-04-25 (11-40-51).txt

Scan type: Quick scan
Objects scanned: 110379
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4j2w12jn-24yc-1key-3w83-4a0007dehm43} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spool\prtprocs\w32x86\0000373b.tmp (Trojan.Dropper.Gen) -> Delete on reboot.
C:\Documents and Settings\Tristan\Application Data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
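
Added example, not part of the thread and not code from OTL or Malwarebytes: one way to reconcile the two logs in the post above, using lines copied from it. The function names are hypothetical, and the line patterns are inferred only from the log lines visible on this page.

```python
import re
from collections import OrderedDict

# Subset of the OTL fix log posted above (copied verbatim).
OTL_FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSOffice deleted successfully.
C:\WINDOWS\System32\MSOffice\update.exe moved successfully.
File C:\WINDOWS\system32\MSOffice\update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\SWTFU_Autorun.exe not found.
.Trashes\501 folder moved successfully.
C:\WINDOWS\system32\wbdbasez.dll moved successfully.
File C:\WINDOWS\System32\wbdbasez.dll not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 deleted successfully.
"""

# Subset of the MBAM log posted above (copied verbatim).
MBAM_LOG = r"""
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\0000373b.tmp (Trojan.Dropper.Gen) -> Delete on reboot.
C:\Documents and Settings\Tristan\Application Data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
"""

# Optional object-type prefix, then the target, then one of three outcomes.
OTL_LINE = re.compile(
    r"^(?:(?:Registry value|Registry key|File|ADS) )?"
    r"(.+?)(?: folder)? (moved successfully|deleted successfully|not found)\.$"
)
# "<path> (<detection name>)" on the left of the first " -> ".
MBAM_ITEM = re.compile(r"^(.*) \(([^()]+)\)$")


def normalise(target):
    """Fold case and doubled/trailing backslashes so repeated entries compare equal."""
    return re.sub(r"\\{2,}", r"\\", target).rstrip("\\").lower()


def reconcile_otl(log_text):
    """Return {target: 'removed' | 'never found'} for every target in the log.

    The fix script in this thread lists some files more than once, so the log
    shows 'moved successfully' followed by 'not found' for the same path
    (sometimes with different case). Any success line wins.
    """
    outcomes = OrderedDict()
    for line in log_text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            outcomes.setdefault(normalise(m.group(1)), []).append(m.group(2))
    return OrderedDict(
        (t, "never found" if all(o == "not found" for o in seen) else "removed")
        for t, seen in outcomes.items()
    )


def never_found(log_text):
    """Targets that were only ever reported as 'not found'; check these by hand."""
    return [t for t, s in reconcile_otl(log_text).items() if s == "never found"]


def mbam_pending(log_text):
    """MBAM detections whose final action is anything other than full removal."""
    pending = []
    for line in log_text.splitlines():
        line = line.strip()
        if " -> " not in line:
            continue
        item = line.partition(" -> ")[0]                 # path + detection name
        action = line.rpartition(" -> ")[2].rstrip(".")  # last action on the line
        m = MBAM_ITEM.match(item)
        if m and action != "Quarantined and deleted successfully":
            pending.append((m.group(1), m.group(2), action))
    return pending


if __name__ == "__main__":
    for target in never_found(OTL_FIX_LOG):
        print("OTL never found:", target)
    for path, detection, action in mbam_pending(MBAM_LOG):
        print("MBAM pending:", path, detection, action)
```

On these lines the only follow-up items are `G:\SWTFU_Autorun.exe` (never found by the fix) and the `0000373b.tmp` detection that MBAM deferred to the next reboot.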

#11 TTPerotti

Posted 25 April 2010 - 01:50 PM

OTL logfile created on: 4/25/2010 11:48:10 AM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = M:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 238.84 Gb Total Space | 19.63 Gb Free Space | 8.22% Space Free | Partition Type: NTFS
Drive D: | 59.25 Gb Total Space | 59.18 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.39% Space Free | Partition Type: FAT

Computer Name: ELCID
Current User Name: Tristan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe
PRC - [2010/04/03 23:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 05:57:06 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 11:25:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/02 15:29:22 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/06 13:41:14 | 000,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2008/11/06 13:39:46 | 002,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2008/11/06 13:22:12 | 000,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2008/11/06 13:21:42 | 001,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 13:21:32 | 000,526,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/11/06 13:21:24 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2008/11/06 13:21:14 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/07/07 00:34:59 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/29 02:43:41 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/11/21 17:51:20 | 001,507,328 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
PRC - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
PRC - [2002/12/02 07:17:37 | 000,073,728 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PRC - [2002/01/28 01:16:50 | 001,228,800 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/24 17:26:06 | 000,562,688 | ---- | M] (OldTimer Tools) -- M:\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/07 20:40:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/06/15 14:00:40 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/25 10:15:00 | 000,042,120 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra_DFU.sys -- (MADFUFTU)
DRV - [2009/09/25 10:14:54 | 000,135,816 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV - [2009/09/02 15:29:06 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioMobilePre.sys -- (MAUSBMOBILEPRE)
DRV - [2008/11/04 13:35:24 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/27 11:04:07 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/17 00:09:52 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/05/16 11:42:02 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2007/03/13 13:05:30 | 000,044,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/04 19:17:54 | 000,022,024 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2007/01/04 19:17:46 | 000,048,648 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2007/01/04 19:17:38 | 000,035,336 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2005/12/29 18:07:50 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/11/29 04:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/11/28 07:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 03:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/01/28 18:43:14 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 11:04:31 | 000,000,000 | ---D | M]

[2009/09/25 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions
[2008/08/25 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/04/24 22:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions
[2009/09/26 23:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\q69jrfqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/24 22:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/18 13:46:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/24 17:53:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSOffice] C:\WINDOWS\System32\MSOffice\update.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Final Codecs\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [StartServiceMCPPTMHT] C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT\StartService.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O4 - Startup: C:\Documents and Settings\Tristan\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop WallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tristan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/16 17:24:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 17:43:07 | 000,358,248 | R--- | M] (NETGEAR Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 01:27:40 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/07 19:05:17 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SWTFU_Autorun.exe -- [2009/10/03 23:39:15 | 000,161,016 | R--- | M] (Aspyr Media, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 14:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/25 14:24:31 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/04/25 14:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/04/25 14:12:57 | 000,282,624 | R--- | C] (Marvell Semiconductor, Inc) -- C:\WINDOWS\System32\drivers\WG311v3XP.sys
[2010/04/25 14:00:16 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tristan\Desktop\mbam-setup-1.45.exe
[2010/04/25 11:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Application Data\Malwarebytes
[2010/04/25 11:34:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 11:34:40 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 11:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/25 11:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 16:31:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/19 19:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\MCPPTMHT
[2010/04/19 17:42:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/04/19 17:42:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/04/19 17:42:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/04/19 17:42:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/04/19 17:42:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/04/19 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/04/18 13:47:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:47:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:47:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/13 12:58:01 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/09 13:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\Aspyr
[2010/04/08 20:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr
[2010/04/08 19:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\Local Settings\Application Data\Aspyr
[2010/04/02 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tristan\My Documents\famitracker
[2010/03/30 13:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 13:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/04/25 14:31:51 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 14:31:51 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 14:31:51 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/25 14:28:00 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/25 14:27:59 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/25 14:27:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 14:27:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 14:27:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 14:25:49 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tristan\NTUSER.DAT
[2010/04/25 14:24:26 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/25 14:24:26 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/25 14:13:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tristan\ntuser.ini
[2010/04/25 14:02:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 11:40:39 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004UA.job
[2010/04/25 10:46:46 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tristan\Desktop\mbam-setup-1.45.exe
[2010/04/24 21:59:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:30:53 | 000,028,544 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 21:24:54 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 18:45:00 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 17:28:28 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tristan\Application Data\default.rss
[2010/04/19 17:28:01 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 13:26:49 | 000,479,336 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 11:04:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/19 03:02:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 00:03:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 20:40:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1682526488-1801674531-1004Core.job
[2010/04/18 14:39:12 | 000,112,144 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:58 | 000,076,880 | ---- | M] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/18 13:46:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/18 13:46:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/18 13:46:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 13:46:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/18 13:40:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/13 12:59:39 | 000,001,381 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:53:44 | 006,013,987 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/07 09:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 13:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 20:27:37 | 000,098,738 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | M] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/31 02:57:00 | 002,644,140 | -H-- | M] () -- C:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/03/30 13:52:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 18:43:07 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2010/04/25 14:24:26 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/25 14:24:26 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2010/04/19 18:45:00 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Assassin's Creed II.lnk
[2010/04/19 18:44:12 | 000,035,381 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\SQLite3.dll
[2010/04/19 18:44:10 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Tristan\Application Data\chrtmp
[2010/04/19 13:26:49 | 000,479,336 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\2010-04-13 13.23.59.jpg
[2010/04/19 00:03:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/18 14:39:10 | 000,112,144 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism4.pdf
[2010/04/18 14:37:56 | 000,076,880 | ---- | C] () -- C:\Documents and Settings\Tristan\Desktop\aphorism3.pdf
[2010/04/13 12:59:39 | 000,001,381 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/04/13 12:58:46 | 006,013,987 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\WUSB54GS_20050428.exe
[2010/04/12 17:46:16 | 000,166,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/02 20:27:37 | 000,098,738 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav.asd
[2010/04/02 20:26:52 | 007,410,608 | ---- | C] () -- C:\Documents and Settings\Tristan\My Documents\eightbit.wav
[2010/03/30 13:52:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/05 14:41:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/30 23:48:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 00:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/05 00:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/05 00:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/05 00:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/26 11:49:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2009/05/10 09:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 09:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 12:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/05/07 19:58:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/09 15:36:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 20:30:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/01 00:13:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/04 13:35:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/04 13:35:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/04 13:35:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/04 13:35:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/04 13:35:28 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/11 19:13:43 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 20:36:07 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/09/12 20:26:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/12 20:25:59 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/09/12 20:25:29 | 000,015,448 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008/09/12 20:25:23 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/09/02 13:04:39 | 001,275,026 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2008/09/02 13:04:39 | 001,153,640 | ---- | C] () -- C:\WINDOWS\System32\libvorbisenc-2.dll
[2008/09/02 13:04:39 | 001,024,153 | ---- | C] () -- C:\WINDOWS\System32\libfftw3-3.dll
[2008/09/02 13:04:39 | 001,010,421 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/02 13:04:39 | 000,183,050 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2008/09/02 13:04:39 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/02 13:04:39 | 000,051,790 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2008/09/02 13:04:39 | 000,048,995 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2008/08/27 11:04:07 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/12/28 22:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/28 22:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 08:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/28 03:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 03:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/09/15 07:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005/04/21 11:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/09/16 17:26:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

< End of report >


#12 TTPerotti

TTPerotti
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:30 AM

Posted 25 April 2010 - 01:53 PM

The machine seems to be running pretty smoothly now, thanks so much. The only thing that's unusual is upon boot up I get a message that says "0x7c91e346 referenced 0x00e21a74, the memory could not be 'read' ". It comes up twice in a row.

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:30 AM

Posted 25 April 2010 - 06:07 PM

Much better...

The error message is related to a rogue file that we removed that the OS is looking for.

Please do this....

Re-run MBAM and post a log

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

Still getting the error message?

Any further troubles?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 TTPerotti

TTPerotti
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:30 AM

Posted 25 April 2010 - 07:01 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2010 5:00:57 PM
mbam-log-2010-04-25 (17-00-57).txt

Scan type: Quick scan
Objects scanned: 111463
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:30 AM

Posted 25 April 2010 - 09:40 PM

I assume you're currently scanning with ESET. That one can take a while.