PDA

View Full Version : Program Files (x86) not executing



Tobias Nightbringer
2009-03-22, 10:56
I am not exactly sure how to explain my problem. I'm not even sure if this has anything to do with being infected by a virus, but I have not found a permanent solution to my situation.

A week or so ago, I was not able to execute any programs that were stored in my Program Files (x86) folder nor did my anti-virus start up (at the time it was Avira). Double-clicking, right-click and run, etc, etc. did not work. I would see the 'loading' cursor for a brief moment, but then nothing. No errors, no sounds, nada. I eventually solved it (somewhat of an accident. Trial and error for the win) by doing a System Restore.

However, it cost me my Avira anti-virus program. I had to delete it and re-install it, but when I tried to re-install, I got a message that it was already installed on my computer (even though I deleted everything, registry files and all). After several unsuccessful attempts to re-install Avira (even though it said it was installed successfully), I installed AVG on March 21.

That worked--until I powered on my computer when I got home (which was the same day I installed AVG, just at the end of the day). Same exact situation. Couldn't execute any programs from Program Files (x86) folder. Did another System Restore and I am back to square one. I am not sure if this has to do with a virus or not, so I will just post my HJT log and hope that someone can answer my plea or direct me towards the right path.

Thank you for your time in advance.
-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:53 AM, on 3/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Tobias\Downloads\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10741 bytes

katana
2009-03-26, 01:16
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

It looks from your log as if you have a 64bit machine, if this is correct then please note that most of the tools we would normally use will not function.
I will help you as much as I can, but I can't promise anything.



OTScanIt

Please download OTScanIt.exe (http://oldtimer.geekstogo.com/OTScanIt2.exe) by OldTimer and save it to your desktop.
Double click on OTScanIt.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
Under Drivers section, select Non-Microsoft.
Click on the Run Scan button at the top left hand corner.
OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Tobias Nightbringer
2009-03-26, 02:38
Hello Katana, and thank you for assisting me! Unfortunately for some reason when I click on your link to download the OTScanIt.exe, the window that pops up is a 404-Not Found. Tried to Google OTScanIt.exe as well to see if I could download it elsewhere, but no such luck :( Any suggestions?

katana
2009-03-26, 03:02
I've changed the link, please try it again.

Tobias Nightbringer
2009-03-26, 03:09
Under the 'Drivers' section, my following options are:

None

Safe List

All

Do I select the option 'None'?

katana
2009-03-26, 03:13
Safe List

Tobias Nightbringer
2009-03-26, 03:16
Copy that. Running now. Will post the content in Notepad ASAP.

Tobias Nightbringer
2009-03-26, 03:18
[code]
OTScanIt2 logfile created on: 3/25/2009 6:16:09 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.9.0 Folder = C:\Users\Tobias\Downloads\OTScanIt\OTScanIt2
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.81% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.13 Gb Total Space | 142.39 Gb Free Space | 49.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIGHTFIRE
Current User Name: Tobias
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/29 04:22:41 | 00,611,664 | ---- | M] (Lavasoft)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/19 18:43:11 | 00,307,704 | ---- | M] (Mozilla Corporation)
hpqsrmon.exe -> %ProgramFiles%\HP\Digital Imaging\bin\HpqSRmon.exe -> [2008/06/02 00:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard)
hpqtoaster.exe -> %ProgramFiles%\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 11:43:06 | 00,677,432 | R--- | M] ()
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwamain.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/09/13 09:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008/04/15 18:54:40 | 00,178,712 | ---- | M] (Intel Corporation)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/10 06:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lightscribecontrolpanel.exe -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> [2007/08/23 17:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
otscanit2.exe -> %UserProfile%\Downloads\OTScanIt\OTScanIt2\OTScanIt2.exe -> [2009/03/22 18:23:22 | 00,491,520 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> %SystemRoot%\SysWOW64\PnkBstrA.exe -> [2008/10/08 17:28:44 | 00,066,872 | ---- | M] ()
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> [2007/09/19 14:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
qpcapsvc.exe -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2007/12/19 19:28:34 | 00,271,760 | ---- | M] ()
qpsched.exe -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2007/12/19 19:28:34 | 00,112,016 | ---- | M] ()
qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> [2007/12/19 19:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.)
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2007/01/09 03:25:30 | 00,272,024 | ---- | M] ()
steam.exe -> %ProgramFiles%\Steam\Steam.exe -> [2008/10/08 02:45:05 | 01,410,296 | ---- | M] (Valve Corporation)
steamservice.exe -> %CommonProgramFiles%\Steam\SteamService.exe -> [2009/03/18 02:36:02 | 00,316,664 | ---- | M] (Valve Corporation)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wifimsg.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> [2007/01/08 16:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/29 04:22:41 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> -> File not found
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %SystemDrive%\Program Files\Comodo\Firewall\cmdagent.exe -> [2008/12/06 13:59:42 | 00,889,080 | ---- | M] ()
(Com4Qlb) Com4Qlb [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/03/05 10:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\ehome\ehRecvr.exe -> [2008/01/20 19:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\ehome\ehsched.exe -> [2008/01/20 19:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> %SystemRoot%\ehome\ehstart.dll -> [2006/11/02 08:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 18:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HP Games\My HP Game Console\GameConsoleService.exe -> [2008/05/05 15:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/06/16 09:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard)
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 18:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 18:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(PcaSvc) Program Compatibility Assistant Service [Win32_Shared | Auto | Running] -> %SystemRoot%\sysnative\pcasvc.dll -> [2008/01/20 19:47:55 | 00,079,360 | ---- | M] ()
(PerfHost) Performance Counter DLL Host [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SysWow64\perfhost.exe -> [2008/01/20 19:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/10/08 17:28:44 | 00,066,872 | ---- | M] ()
(QPCapSvc) QuickPlay Background Capture Service (QBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2007/12/19 19:28:34 | 00,271,760 | ---- | M] ()
(QPSched) QuickPlay Task Scheduler (QTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2007/12/19 19:28:34 | 00,112,016 | ---- | M] ()
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2007/01/09 03:25:30 | 00,272,024 | ---- | M] ()
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> -> File not found
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Steam\SteamService.exe -> [2009/03/18 02:36:02 | 00,316,664 | ---- | M] (Valve Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 19:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\bcmwl664.sys -> [2006/10/06 19:13:22 | 00,550,912 | ---- | M] ()
(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\CmBatt.sys -> [2008/01/20 19:46:51 | 00,017,792 | ---- | M] ()
(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\drivers\HdAudio.sys -> [2006/11/01 22:28:10 | 00,273,920 | ---- | M] ()
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\HpqKbFiltr.sys -> [2007/06/18 17:13:12 | 00,018,432 | ---- | M] ()
(HpqRemHid) HP Remote Control HID Device [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\HpqRemHid.sys -> [2007/07/11 10:30:34 | 00,009,088 | ---- | M] ()
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\VSTAZL6.SYS -> [2008/01/20 19:46:57 | 00,286,720 | ---- | M] ()
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\VSTDPV6.SYS -> [2008/01/20 19:46:57 | 01,523,712 | ---- | M] ()
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\sysnative\DRIVERS\iaStor.sys -> [2008/04/15 18:54:16 | 00,388,120 | ---- | M] ()
(NETw3v64) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\NETw3v64.sys -> [2008/01/20 19:46:57 | 03,154,432 | ---- | M] ()
(NETw4v64) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\NETw4v64.sys -> [2007/10/31 18:44:38 | 03,197,440 | ---- | M] ()
(NETw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\NETw5v64.sys -> [2008/11/17 16:50:30 | 04,751,360 | ---- | M] ()
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\drivers\npf.sys -> [2007/11/06 13:23:14 | 00,040,464 | ---- | M] ()
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\nvm60x64.sys -> [2006/10/09 19:09:03 | 00,742,696 | ---- | M] ()
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> %SystemRoot%\sysnative\DRIVERS\rimmpx64.sys -> [2007/03/19 12:09:36 | 00,055,808 | ---- | M] ()
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> %SystemRoot%\sysnative\DRIVERS\rimspx64.sys -> [2007/02/27 16:10:38 | 00,053,760 | ---- | M] ()
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> %SystemRoot%\sysnative\DRIVERS\rixdpx64.sys -> [2007/03/26 19:48:24 | 00,055,808 | ---- | M] ()
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\Rtlh64.sys -> [2009/01/20 07:49:48 | 00,195,584 | ---- | M] ()
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\sdbus.sys -> [2008/01/20 19:46:55 | 00,111,104 | ---- | M] ()
(smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\smserial.sys -> [2007/01/17 06:48:30 | 01,455,616 | ---- | M] ()
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\DRIVERS\SynTP.sys -> [2008/03/28 02:06:00 | 00,324,656 | ---- | M] ()
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\drivers\usbaudio.sys -> [2008/01/20 19:47:04 | 00,098,816 | ---- | M] ()
(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\sysnative\Drivers\usbvideo.sys -> [2008/01/20 19:47:27 | 00,168,704 | ---- | M] ()
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> %SystemRoot%\sysnative\DRIVERS\VSTCNXT6.SYS -> [2008/01/20 19:46:57 | 00,724,480 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> %SystemRoot%\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2009/01/14 23:07:53 | 06,069,248 | ---- | M] (Microsoft Corporation)
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/05/30 14:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Tobias\AppData\Roaming\Mozilla\FireFox\Profiles\xqhaek2b.default\prefs.js ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.2 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/03/21 00:05:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/22 01:26:16 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/03/22 01:26:15 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Tobias\AppData\Roaming\mozilla\Extensions -> [2008/10/03 12:19:01 | 00,000,000 | ---D | M]
-> C:\Users\Tobias\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/10/03 12:19:01 | 00,000,000 | ---D | M]
-> C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\xqhaek2b.default\extensions -> [2009/03/22 01:26:32 | 00,096,618 | ---- | M] ()
-> C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\xqhaek2b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2009/03/22 01:26:32 | 00,096,618 | ---- | M] ()
-> C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\xqhaek2b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/03/22 01:26:32 | 00,096,618 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/02/19 18:43:32 | 09,742,840 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/02/19 18:43:32 | 09,742,840 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/02/19 18:43:32 | 09,742,840 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -> [2009/02/19 18:43:32 | 09,742,840 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009/02/19 18:43:32 | 09,742,840 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/03/22 01:26:16 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/02/19 18:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/02/19 18:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/03/22 01:26:15 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2008/11/10 06:43:30 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/02/19 18:43:35 | 00,065,528 | ---- | M] (mozilla.org)
npViewpoint.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 10:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 11:26:35 | 00,000,266 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 11:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 11:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/03/22 01:26:16 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/02/19 12:33:08 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/02/19 12:33:08 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/02/19 12:33:08 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/02/19 12:33:08 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/02/19 12:33:08 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/02/19 12:33:08 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/02/19 12:33:08 | 00,000,792 | ---- | M] ()
< HOSTS File > (289702 bytes and 10023 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/05/30 14:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 06:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 06:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007/08/31 12:32:24 | 00,177,504 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/05/30 14:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2007/05/11 04:06:32 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> File not found
"HP Health Check Scheduler" -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/06/16 09:03:20 | 00,075,008 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpqSRMon" -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSRMon.exe [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe] -> [2008/06/02 00:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/09/13 09:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"QlbCtrl" -> [%ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found
"QPService" -> %ProgramFiles%\HP\QuickPlay\QPService.exe ["C:\Program Files (x86)\HP\QuickPlay\QPService.exe"] -> [2007/12/19 19:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2008/11/10 06:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"UCam_Menu" -> %ProgramFiles%\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"] -> [2007/08/16 23:13:28 | 00,218,408 | ---- | M] (CyberLink Corp.)
"WAWifiMessage" -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> [2007/01/08 16:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> [] -> File not found
"LightScribe Control Panel" -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> [2007/08/23 17:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart Select] -> [2007/08/31 12:34:58 | 00,152,928 | ---- | M] (Hewlett-Packard Co.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5216 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5146 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4AA6E3A5-6D8E-4FA0-93B1-860735EA4966} -> (Realtek RTL8168B/8111B Family PCI-E GBE NIC) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\Windows\SysWOW64\guard32.dll -> %SystemRoot%\SysWOW64\guard32.dll -> [2008/12/06 13:59:55 | 00,147,192 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\system32\explorer.exe -> [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\SysWOW64\webcheck.dll [WebCheck] -> [2008/01/20 19:48:55 | 00,233,984 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 13:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> [2009/03/22 01:23:01 | 00,524,288 | -HS- | C] ()
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> [2009/03/22 01:23:01 | 00,524,288 | -HS- | C] ()
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TM.blf -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TM.blf -> [2009/03/22 01:23:01 | 00,065,536 | -HS- | C] ()
avg -> %SystemRoot%\System32\drivers\avg -> [2009/03/21 01:08:12 | 00,000,000 | ---D | C]
avg8 -> %AllUsersProfile%\avg8 -> [2009/03/21 01:06:39 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2009/03/21 01:06:39 | 00,000,000 | ---D | C]
infocardcpl.cpl -> %SystemRoot%\System32\infocardcpl.cpl -> [2009/03/21 00:01:39 | 00,037,384 | ---- | C] (Microsoft Corporation)
icardres.dll -> %SystemRoot%\System32\icardres.dll -> [2009/03/21 00:01:36 | 00,011,264 | ---- | C] (Microsoft Corporation)
PresentationNative_v0300.dll -> %SystemRoot%\System32\PresentationNative_v0300.dll -> [2009/03/21 00:01:35 | 00,781,344 | ---- | C] (Microsoft Corporation)
icardagt.exe -> %SystemRoot%\System32\icardagt.exe -> [2009/03/21 00:01:35 | 00,622,080 | ---- | C] (Microsoft Corporation)
infocardapi.dll -> %SystemRoot%\System32\infocardapi.dll -> [2009/03/21 00:01:35 | 00,097,800 | ---- | C] (Microsoft Corporation)
PresentationHostProxy.dll -> %SystemRoot%\System32\PresentationHostProxy.dll -> [2009/03/21 00:01:35 | 00,043,544 | ---- | C] (Microsoft Corporation)
PresentationCFFRasterizerNative_v0300.dll -> %SystemRoot%\System32\PresentationCFFRasterizerNative_v0300.dll -> [2009/03/21 00:01:30 | 00,105,016 | ---- | C] (Microsoft Corporation)
PresentationHost.exe -> %SystemRoot%\System32\PresentationHost.exe -> [2009/03/21 00:01:28 | 00,326,160 | ---- | C] (Microsoft Corporation)
netfxperf.dll -> %SystemRoot%\System32\netfxperf.dll -> [2009/03/20 23:54:59 | 00,041,984 | ---- | C] (Microsoft Corporation)
dfshim.dll -> %SystemRoot%\System32\dfshim.dll -> [2009/03/20 23:54:21 | 00,096,760 | ---- | C] (Microsoft Corporation)
mscoree.dll -> %SystemRoot%\System32\mscoree.dll -> [2009/03/20 23:54:13 | 00,282,112 | ---- | C] (Microsoft Corporation)
mscorier.dll -> %SystemRoot%\System32\mscorier.dll -> [2009/03/20 23:54:04 | 00,158,720 | ---- | C] (Microsoft Corporation)
mscories.dll -> %SystemRoot%\System32\mscories.dll -> [2009/03/20 23:54:02 | 00,083,968 | ---- | C] (Microsoft Corporation)
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2009/03/18 11:25:16 | 02,295,944 | -H-- | C] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/18 11:04:41 | 42,933,20704 | -HS- | C] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> [2009/03/18 02:14:17 | 00,524,288 | -HS- | C] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> [2009/03/18 02:14:17 | 00,524,288 | -HS- | C] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TM.blf -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TM.blf -> [2009/03/18 02:14:17 | 00,065,536 | -HS- | C] ()
d3d9caps64.dat -> %UserProfile%\AppData\Local\d3d9caps64.dat -> [2009/03/18 00:42:06 | 00,000,732 | ---- | C] ()
schannel.dll -> %SystemRoot%\System32\schannel.dll -> [2009/03/17 13:39:09 | 00,268,288 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 30 Days]
16 C:\Users\Tobias\AppData\Local\Temp\*.tmp files -> C:\Users\Tobias\AppData\Local\Temp\*.tmp ->
16 C:\Users\Tobias\AppData\Local\Temp\*.tmp files -> C:\Users\Tobias\AppData\Local\Temp\*.tmp ->
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/25 18:16:28 | 07,077,888 | -HS- | M] ()
dwpqqrfnE.dll -> %UserProfile%\AppData\Local\Temp\dwpqqrfnE.dll -> [2009/03/25 18:08:05 | 00,053,248 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/25 16:06:14 | 04,194,304 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/25 16:06:14 | 04,194,304 | ---- | M] ()
nvModes.001 -> %AllUsersProfile%\nvModes.001 -> [2009/03/25 16:03:41 | 00,042,526 | ---- | M] ()
hpqp.ini -> %SystemDrive%\Users\Public\Documents\hpqp.ini -> [2009/03/25 16:03:36 | 00,000,253 | ---- | M] ()
nvModes.dat -> %AllUsersProfile%\nvModes.dat -> [2009/03/25 16:03:33 | 00,042,526 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/25 16:03:15 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/25 16:03:02 | 00,067,584 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/25 16:02:57 | 42,933,20704 | -HS- | M] ()
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> [2009/03/25 12:55:57 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TM.blf -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TM.blf -> [2009/03/25 12:55:57 | 00,065,536 | -HS- | M] ()
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2009/03/25 12:55:48 | 02,295,944 | -H-- | M] ()
PublishedRacMonSWITable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/03/25 00:59:56 | 00,013,916 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/03/25 00:59:56 | 00,008,004 | ---- | M] ()
PublishedRacMonIndex.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/03/25 00:59:56 | 00,001,584 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/03/25 00:59:56 | 00,001,104 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/03/25 00:59:56 | 00,000,000 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/03/25 00:59:56 | 00,000,000 | ---- | M] ()
NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> %UserProfile%\NTUSER.DAT{1021b489-16b1-11de-881d-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> [2009/03/22 04:30:32 | 00,524,288 | -HS- | M] ()
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [2009/03/22 03:24:57 | 00,000,680 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/22 01:14:37 | 00,744,188 | ---- | M] ()
ntuser.dat_previous -> %UserProfile%\ntuser.dat_previous -> [2009/03/22 01:11:07 | 07,077,888 | -HS- | M] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000001.regtrans-ms -> [2009/03/22 01:11:07 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TM.blf -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TM.blf -> [2009/03/22 01:11:07 | 00,065,536 | -HS- | M] ()
d3d9caps64.dat -> %UserProfile%\AppData\Local\d3d9caps64.dat -> [2009/03/18 02:47:53 | 00,000,732 | ---- | M] ()
NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> %UserProfile%\NTUSER.DAT{67f52449-1399-11de-8466-001e6843cdf2}.TMContainer00000000000000000002.regtrans-ms -> [2009/03/18 02:29:02 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/03/18 02:12:47 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> %UserProfile%\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/03/18 02:12:47 | 00,065,536 | -HS- | M] ()
build.dat -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\build.dat -> [2009/03/11 15:55:33 | 00,017,962 | ---- | M] ()
build.dat -> %SystemRoot%\Temp\AVSETUP_49c5422e\build.dat -> [2009/03/11 15:55:33 | 00,017,962 | ---- | M] ()
build.dat -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\build.dat -> [2009/03/11 15:55:33 | 00,017,962 | ---- | M] ()
build.dat -> %SystemRoot%\Temp\AVSETUP_49c1380a\build.dat -> [2009/03/11 15:55:33 | 00,017,962 | ---- | M] ()
build.dat -> %SystemRoot%\Temp\AVSETUP_49c0c89f\build.dat -> [2009/03/11 15:55:33 | 00,017,962 | ---- | M] ()
rctext.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\rctext.dll -> [2009/03/11 15:55:12 | 00,087,297 | ---- | M] (Avira GmbH)
rctext.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\rctext.dll -> [2009/03/11 15:55:12 | 00,087,297 | ---- | M] (Avira GmbH)
rctext.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\rctext.dll -> [2009/03/11 15:55:12 | 00,087,297 | ---- | M] (Avira GmbH)
rctext.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\rctext.dll -> [2009/03/11 15:55:12 | 00,087,297 | ---- | M] (Avira GmbH)
rctext.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\rctext.dll -> [2009/03/11 15:55:12 | 00,087,297 | ---- | M] (Avira GmbH)
setup.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\setup.exe -> [2009/03/10 10:03:29 | 00,679,681 | ---- | M] (Avira GmbH)
setup.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\setup.exe -> [2009/03/10 10:03:29 | 00,679,681 | ---- | M] (Avira GmbH)
setup.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\setup.exe -> [2009/03/10 10:03:29 | 00,679,681 | ---- | M] (Avira GmbH)
setup.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\setup.exe -> [2009/03/10 10:03:29 | 00,679,681 | ---- | M] (Avira GmbH)
setup.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\setup.exe -> [2009/03/10 10:03:29 | 00,679,681 | ---- | M] (Avira GmbH)
opa12.dat -> %AllUsersProfile%\Microsoft\OFFICE\DATA\opa12.dat -> [2009/03/06 00:46:00 | 00,008,306 | ---- | M] ()
update.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\update.exe -> [2009/03/05 16:20:02 | 00,401,153 | ---- | M] (Avira GmbH)
update.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\update.exe -> [2009/03/05 16:20:02 | 00,401,153 | ---- | M] (Avira GmbH)
update.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\update.exe -> [2009/03/05 16:20:02 | 00,401,153 | ---- | M] (Avira GmbH)
update.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\update.exe -> [2009/03/05 16:20:02 | 00,401,153 | ---- | M] (Avira GmbH)
update.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\update.exe -> [2009/03/05 16:20:02 | 00,401,153 | ---- | M] (Avira GmbH)
sched.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\sched.exe -> [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH)
sched.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\sched.exe -> [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH)
sched.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\sched.exe -> [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH)
sched.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\sched.exe -> [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH)
sched.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\sched.exe -> [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH)
aepack.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aepack.dll -> [2009/03/04 13:06:10 | 00,397,686 | ---- | M] (Avira GmbH)
aepack.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aepack.dll -> [2009/03/04 13:06:10 | 00,397,686 | ---- | M] (Avira GmbH)
aepack.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aepack.dll -> [2009/03/04 13:06:10 | 00,397,686 | ---- | M] (Avira GmbH)
aepack.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aepack.dll -> [2009/03/04 13:06:10 | 00,397,686 | ---- | M] (Avira GmbH)
aepack.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aepack.dll -> [2009/03/04 13:06:10 | 00,397,686 | ---- | M] (Avira GmbH)
aegen.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aegen.dll -> [2009/03/04 13:06:10 | 00,336,244 | ---- | M] (Avira GmbH)
aegen.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aegen.dll -> [2009/03/04 13:06:10 | 00,336,244 | ---- | M] (Avira GmbH)
aegen.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aegen.dll -> [2009/03/04 13:06:10 | 00,336,244 | ---- | M] (Avira GmbH)
aegen.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aegen.dll -> [2009/03/04 13:06:10 | 00,336,244 | ---- | M] (Avira GmbH)
aegen.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aegen.dll -> [2009/03/04 13:06:10 | 00,336,244 | ---- | M] (Avira GmbH)
aeset.dat -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aeset.dat -> [2009/03/04 13:06:10 | 00,002,158 | ---- | M] ()
aeset.dat -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aeset.dat -> [2009/03/04 13:06:10 | 00,002,158 | ---- | M] ()
aeset.dat -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aeset.dat -> [2009/03/04 13:06:10 | 00,002,158 | ---- | M] ()
aeset.dat -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aeset.dat -> [2009/03/04 13:06:10 | 00,002,158 | ---- | M] ()
aeset.dat -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aeset.dat -> [2009/03/04 13:06:10 | 00,002,158 | ---- | M] ()
update.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\update.dll -> [2009/03/02 13:57:04 | 00,326,913 | ---- | M] (Avira GmbH)
update.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\update.dll -> [2009/03/02 13:57:04 | 00,326,913 | ---- | M] (Avira GmbH)
update.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\update.dll -> [2009/03/02 13:57:04 | 00,326,913 | ---- | M] (Avira GmbH)
update.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\update.dll -> [2009/03/02 13:57:04 | 00,326,913 | ---- | M] (Avira GmbH)
update.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\update.dll -> [2009/03/02 13:57:04 | 00,326,913 | ---- | M] (Avira GmbH)
ccgen.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccgen.dll -> [2009/03/02 13:53:02 | 00,450,305 | ---- | M] (Avira GmbH)
ccgen.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccgen.dll -> [2009/03/02 13:53:02 | 00,450,305 | ---- | M] (Avira GmbH)
ccgen.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccgen.dll -> [2009/03/02 13:53:02 | 00,450,305 | ---- | M] (Avira GmbH)
ccgen.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccgen.dll -> [2009/03/02 13:53:02 | 00,450,305 | ---- | M] (Avira GmbH)
ccgen.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccgen.dll -> [2009/03/02 13:53:02 | 00,450,305 | ---- | M] (Avira GmbH)
avconfig.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avconfig.dll -> [2009/03/02 13:49:11 | 00,444,161 | ---- | M] (Avira GmbH)
avconfig.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avconfig.dll -> [2009/03/02 13:49:11 | 00,444,161 | ---- | M] (Avira GmbH)
avconfig.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avconfig.dll -> [2009/03/02 13:49:11 | 00,444,161 | ---- | M] (Avira GmbH)
avconfig.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avconfig.dll -> [2009/03/02 13:49:11 | 00,444,161 | ---- | M] (Avira GmbH)
avconfig.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avconfig.dll -> [2009/03/02 13:49:11 | 00,444,161 | ---- | M] (Avira GmbH)
ccquamgr.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccquamgr.dll -> [2009/03/02 12:11:52 | 00,341,249 | ---- | M] (Avira GmbH)
ccquamgr.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccquamgr.dll -> [2009/03/02 12:11:52 | 00,341,249 | ---- | M] (Avira GmbH)
ccquamgr.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccquamgr.dll -> [2009/03/02 12:11:52 | 00,341,249 | ---- | M] (Avira GmbH)
ccquamgr.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccquamgr.dll -> [2009/03/02 12:11:52 | 00,341,249 | ---- | M] (Avira GmbH)
ccquamgr.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccquamgr.dll -> [2009/03/02 12:11:52 | 00,341,249 | ---- | M] (Avira GmbH)
avguard.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avguard.exe -> [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH)
avguard.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avguard.exe -> [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH)
avguard.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avguard.exe -> [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH)
avguard.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avguard.exe -> [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH)
avguard.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avguard.exe -> [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH)
avgnt.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avgnt.exe -> [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
avgnt.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avgnt.exe -> [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
avgnt.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avgnt.exe -> [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
avgnt.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avgnt.exe -> [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
avgnt.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avgnt.exe -> [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
avgsetup.exe -> %UserProfile%\AppData\Local\Temp\7zSA331.tmp\avgsetup.exe -> [2009/03/02 06:42:07 | 03,130,136 | ---- | M] (AVG Technologies CZ, s.r.o.)
rchelp.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\rchelp.dll -> [2009/02/27 11:33:33 | 00,046,337 | ---- | M] (Avira GmbH)
rchelp.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\rchelp.dll -> [2009/02/27 11:33:33 | 00,046,337 | ---- | M] (Avira GmbH)
rchelp.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\rchelp.dll -> [2009/02/27 11:33:33 | 00,046,337 | ---- | M] (Avira GmbH)
rchelp.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\rchelp.dll -> [2009/02/27 11:33:33 | 00,046,337 | ---- | M] (Avira GmbH)
rchelp.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\rchelp.dll -> [2009/02/27 11:33:33 | 00,046,337 | ---- | M] (Avira GmbH)
updaterc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\updaterc.dll -> [2009/02/27 10:59:22 | 00,078,593 | ---- | M] (Avira GmbH)
updaterc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\updaterc.dll -> [2009/02/27 10:59:22 | 00,078,593 | ---- | M] (Avira GmbH)
updaterc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\updaterc.dll -> [2009/02/27 10:59:22 | 00,078,593 | ---- | M] (Avira GmbH)
updaterc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\updaterc.dll -> [2009/02/27 10:59:22 | 00,078,593 | ---- | M] (Avira GmbH)
updaterc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\updaterc.dll -> [2009/02/27 10:59:22 | 00,078,593 | ---- | M] (Avira GmbH)
avconfigrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avconfigrc.dll -> [2009/02/27 10:59:18 | 00,011,009 | ---- | M] (Avira GmbH)
avconfigrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avconfigrc.dll -> [2009/02/27 10:59:18 | 00,011,009 | ---- | M] (Avira GmbH)
avconfigrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avconfigrc.dll -> [2009/02/27 10:59:18 | 00,011,009 | ---- | M] (Avira GmbH)
avconfigrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avconfigrc.dll -> [2009/02/27 10:59:18 | 00,011,009 | ---- | M] (Avira GmbH)
avconfigrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avconfigrc.dll -> [2009/02/27 10:59:18 | 00,011,009 | ---- | M] (Avira GmbH)
factrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\factrc.dll -> [2009/02/27 10:59:15 | 00,020,737 | ---- | M] (Avira GmbH)
factrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\factrc.dll -> [2009/02/27 10:59:15 | 00,020,737 | ---- | M] (Avira GmbH)
factrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\factrc.dll -> [2009/02/27 10:59:15 | 00,020,737 | ---- | M] (Avira GmbH)
factrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\factrc.dll -> [2009/02/27 10:59:15 | 00,020,737 | ---- | M] (Avira GmbH)
factrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\factrc.dll -> [2009/02/27 10:59:15 | 00,020,737 | ---- | M] (Avira GmbH)
updguirc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\updguirc.dll -> [2009/02/27 10:59:02 | 00,008,961 | ---- | M] (Avira GmbH)
updguirc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\updguirc.dll -> [2009/02/27 10:59:02 | 00,008,961 | ---- | M] (Avira GmbH)
updguirc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\updguirc.dll -> [2009/02/27 10:59:02 | 00,008,961 | ---- | M] (Avira GmbH)
updguirc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\updguirc.dll -> [2009/02/27 10:59:02 | 00,008,961 | ---- | M] (Avira GmbH)
updguirc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\updguirc.dll -> [2009/02/27 10:59:02 | 00,008,961 | ---- | M] (Avira GmbH)
setup.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\setup.dll -> [2009/02/27 10:59:00 | 00,060,930 | ---- | M] (Avira GmbH)
setup.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\setup.dll -> [2009/02/27 10:59:00 | 00,060,930 | ---- | M] (Avira GmbH)
setup.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\setup.dll -> [2009/02/27 10:59:00 | 00,060,930 | ---- | M] (Avira GmbH)
setup.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\setup.dll -> [2009/02/27 10:59:00 | 00,060,930 | ---- | M] (Avira GmbH)
setup.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\setup.dll -> [2009/02/27 10:59:00 | 00,060,930 | ---- | M] (Avira GmbH)
schedr.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\schedr.dll -> [2009/02/27 10:58:59 | 00,006,913 | ---- | M] (Avira GmbH)
schedr.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\schedr.dll -> [2009/02/27 10:58:59 | 00,006,913 | ---- | M] (Avira GmbH)
schedr.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\schedr.dll -> [2009/02/27 10:58:59 | 00,006,913 | ---- | M] (Avira GmbH)
schedr.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\schedr.dll -> [2009/02/27 10:58:59 | 00,006,913 | ---- | M] (Avira GmbH)
schedr.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\schedr.dll -> [2009/02/27 10:58:59 | 00,006,913 | ---- | M] (Avira GmbH)
lukeres.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\lukeres.dll -> [2009/02/27 10:58:52 | 00,012,033 | ---- | M] (Avira GmbH)
lukeres.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\lukeres.dll -> [2009/02/27 10:58:52 | 00,012,033 | ---- | M] (Avira GmbH)
lukeres.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\lukeres.dll -> [2009/02/27 10:58:52 | 00,012,033 | ---- | M] (Avira GmbH)
lukeres.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\lukeres.dll -> [2009/02/27 10:58:52 | 00,012,033 | ---- | M] (Avira GmbH)
lukeres.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\lukeres.dll -> [2009/02/27 10:58:52 | 00,012,033 | ---- | M] (Avira GmbH)
licmgr.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\licmgr.dll -> [2009/02/27 10:58:51 | 00,009,473 | ---- | M] (Avira GmbH)
licmgr.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\licmgr.dll -> [2009/02/27 10:58:51 | 00,009,473 | ---- | M] (Avira GmbH)
licmgr.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\licmgr.dll -> [2009/02/27 10:58:51 | 00,009,473 | ---- | M] (Avira GmbH)
licmgr.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\licmgr.dll -> [2009/02/27 10:58:51 | 00,009,473 | ---- | M] (Avira GmbH)
licmgr.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\licmgr.dll -> [2009/02/27 10:58:51 | 00,009,473 | ---- | M] (Avira GmbH)
guardmsg.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\guardmsg.dll -> [2009/02/27 10:58:49 | 00,029,441 | ---- | M] (Avira GmbH)
guardmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\guardmsg.dll -> [2009/02/27 10:58:49 | 00,029,441 | ---- | M] (Avira GmbH)
guardmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\guardmsg.dll -> [2009/02/27 10:58:49 | 00,029,441 | ---- | M] (Avira GmbH)
guardmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\guardmsg.dll -> [2009/02/27 10:58:49 | 00,029,441 | ---- | M] (Avira GmbH)
guardmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\guardmsg.dll -> [2009/02/27 10:58:49 | 00,029,441 | ---- | M] (Avira GmbH)
ccupdrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccupdrc.dll -> [2009/02/27 10:58:44 | 00,012,545 | ---- | M] (Avira GmbH)
ccupdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccupdrc.dll -> [2009/02/27 10:58:44 | 00,012,545 | ---- | M] (Avira GmbH)
ccupdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccupdrc.dll -> [2009/02/27 10:58:44 | 00,012,545 | ---- | M] (Avira GmbH)
ccupdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccupdrc.dll -> [2009/02/27 10:58:44 | 00,012,545 | ---- | M] (Avira GmbH)
ccupdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccupdrc.dll -> [2009/02/27 10:58:44 | 00,012,545 | ---- | M] (Avira GmbH)
ccscherc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccscherc.dll -> [2009/02/27 10:58:42 | 00,018,177 | ---- | M] (Avira GmbH)
ccscherc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccscherc.dll -> [2009/02/27 10:58:42 | 00,018,177 | ---- | M] (Avira GmbH)
ccscherc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccscherc.dll -> [2009/02/27 10:58:42 | 00,018,177 | ---- | M] (Avira GmbH)
ccscherc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccscherc.dll -> [2009/02/27 10:58:42 | 00,018,177 | ---- | M] (Avira GmbH)
ccscherc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccscherc.dll -> [2009/02/27 10:58:42 | 00,018,177 | ---- | M] (Avira GmbH)
ccscanrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccscanrc.dll -> [2009/02/27 10:58:41 | 00,023,809 | ---- | M] (Avira GmbH)
ccscanrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccscanrc.dll -> [2009/02/27 10:58:41 | 00,023,809 | ---- | M] (Avira GmbH)
ccscanrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccscanrc.dll -> [2009/02/27 10:58:41 | 00,023,809 | ---- | M] (Avira GmbH)
ccscanrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccscanrc.dll -> [2009/02/27 10:58:41 | 00,023,809 | ---- | M] (Avira GmbH)
ccscanrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccscanrc.dll -> [2009/02/27 10:58:41 | 00,023,809 | ---- | M] (Avira GmbH)
ccreporc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccreporc.dll -> [2009/02/27 10:58:39 | 00,011,009 | ---- | M] (Avira GmbH)
ccreporc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccreporc.dll -> [2009/02/27 10:58:39 | 00,011,009 | ---- | M] (Avira GmbH)
ccreporc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccreporc.dll

Tobias Nightbringer
2009-03-26, 03:20
-> [2009/02/27 10:58:39 | 00,011,009 | ---- | M] (Avira GmbH)
ccreporc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccreporc.dll -> [2009/02/27 10:58:39 | 00,011,009 | ---- | M] (Avira GmbH)
ccreporc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccreporc.dll -> [2009/02/27 10:58:39 | 00,011,009 | ---- | M] (Avira GmbH)
ccquarc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccquarc.dll -> [2009/02/27 10:58:38 | 00,016,641 | ---- | M] (Avira GmbH)
ccquarc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccquarc.dll -> [2009/02/27 10:58:38 | 00,016,641 | ---- | M] (Avira GmbH)
ccquarc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccquarc.dll -> [2009/02/27 10:58:38 | 00,016,641 | ---- | M] (Avira GmbH)
ccquarc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccquarc.dll -> [2009/02/27 10:58:38 | 00,016,641 | ---- | M] (Avira GmbH)
ccquarc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccquarc.dll -> [2009/02/27 10:58:38 | 00,016,641 | ---- | M] (Avira GmbH)
ccmainrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccmainrc.dll -> [2009/02/27 10:58:34 | 00,020,225 | ---- | M] (Avira GmbH)
ccmainrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccmainrc.dll -> [2009/02/27 10:58:34 | 00,020,225 | ---- | M] (Avira GmbH)
ccmainrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccmainrc.dll -> [2009/02/27 10:58:34 | 00,020,225 | ---- | M] (Avira GmbH)
ccmainrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccmainrc.dll -> [2009/02/27 10:58:34 | 00,020,225 | ---- | M] (Avira GmbH)
ccmainrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccmainrc.dll -> [2009/02/27 10:58:34 | 00,020,225 | ---- | M] (Avira GmbH)
cclicrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\cclicrc.dll -> [2009/02/27 10:58:33 | 00,004,865 | ---- | M] (Avira GmbH)
cclicrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\cclicrc.dll -> [2009/02/27 10:58:33 | 00,004,865 | ---- | M] (Avira GmbH)
cclicrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\cclicrc.dll -> [2009/02/27 10:58:33 | 00,004,865 | ---- | M] (Avira GmbH)
cclicrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\cclicrc.dll -> [2009/02/27 10:58:33 | 00,004,865 | ---- | M] (Avira GmbH)
cclicrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\cclicrc.dll -> [2009/02/27 10:58:33 | 00,004,865 | ---- | M] (Avira GmbH)
ccgrdrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccgrdrc.dll -> [2009/02/27 10:58:31 | 00,020,225 | ---- | M] (Avira GmbH)
ccgrdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccgrdrc.dll -> [2009/02/27 10:58:31 | 00,020,225 | ---- | M] (Avira GmbH)
ccgrdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccgrdrc.dll -> [2009/02/27 10:58:31 | 00,020,225 | ---- | M] (Avira GmbH)
ccgrdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccgrdrc.dll -> [2009/02/27 10:58:31 | 00,020,225 | ---- | M] (Avira GmbH)
ccgrdrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccgrdrc.dll -> [2009/02/27 10:58:31 | 00,020,225 | ---- | M] (Avira GmbH)
ccgenrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccgenrc.dll -> [2009/02/27 10:58:29 | 00,026,881 | ---- | M] (Avira GmbH)
ccgenrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccgenrc.dll -> [2009/02/27 10:58:29 | 00,026,881 | ---- | M] (Avira GmbH)
ccgenrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccgenrc.dll -> [2009/02/27 10:58:29 | 00,026,881 | ---- | M] (Avira GmbH)
ccgenrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccgenrc.dll -> [2009/02/27 10:58:29 | 00,026,881 | ---- | M] (Avira GmbH)
ccgenrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccgenrc.dll -> [2009/02/27 10:58:29 | 00,026,881 | ---- | M] (Avira GmbH)
ccevrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccevrc.dll -> [2009/02/27 10:58:26 | 00,011,521 | ---- | M] (Avira GmbH)
ccevrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccevrc.dll -> [2009/02/27 10:58:26 | 00,011,521 | ---- | M] (Avira GmbH)
ccevrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccevrc.dll -> [2009/02/27 10:58:26 | 00,011,521 | ---- | M] (Avira GmbH)
ccevrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccevrc.dll -> [2009/02/27 10:58:26 | 00,011,521 | ---- | M] (Avira GmbH)
ccevrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccevrc.dll -> [2009/02/27 10:58:26 | 00,011,521 | ---- | M] (Avira GmbH)
avscan.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avscan.dll -> [2009/02/27 10:58:24 | 00,040,705 | ---- | M] (Avira GmbH)
avscan.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avscan.dll -> [2009/02/27 10:58:24 | 00,040,705 | ---- | M] (Avira GmbH)
avscan.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avscan.dll -> [2009/02/27 10:58:24 | 00,040,705 | ---- | M] (Avira GmbH)
avscan.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avscan.dll -> [2009/02/27 10:58:24 | 00,040,705 | ---- | M] (Avira GmbH)
avscan.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avscan.dll -> [2009/02/27 10:58:24 | 00,040,705 | ---- | M] (Avira GmbH)
avnotify.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avnotify.dll -> [2009/02/27 10:58:22 | 00,007,425 | ---- | M] (Avira GmbH)
avnotify.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avnotify.dll -> [2009/02/27 10:58:22 | 00,007,425 | ---- | M] (Avira GmbH)
avnotify.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avnotify.dll -> [2009/02/27 10:58:22 | 00,007,425 | ---- | M] (Avira GmbH)
avnotify.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avnotify.dll -> [2009/02/27 10:58:22 | 00,007,425 | ---- | M] (Avira GmbH)
avnotify.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avnotify.dll -> [2009/02/27 10:58:22 | 00,007,425 | ---- | M] (Avira GmbH)
aescript.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aescript.dll -> [2009/02/26 20:01:56 | 00,352,634 | ---- | M] (Avira GmbH)
aescript.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aescript.dll -> [2009/02/26 20:01:56 | 00,352,634 | ---- | M] (Avira GmbH)
aescript.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aescript.dll -> [2009/02/26 20:01:56 | 00,352,634 | ---- | M] (Avira GmbH)
aescript.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aescript.dll -> [2009/02/26 20:01:56 | 00,352,634 | ---- | M] (Avira GmbH)
aescript.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aescript.dll -> [2009/02/26 20:01:56 | 00,352,634 | ---- | M] (Avira GmbH)
aeoffice.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aeoffice.dll -> [2009/02/26 20:01:56 | 00,196,987 | ---- | M] (Avira GmbH)
aeoffice.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aeoffice.dll -> [2009/02/26 20:01:56 | 00,196,987 | ---- | M] (Avira GmbH)
aeoffice.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aeoffice.dll -> [2009/02/26 20:01:56 | 00,196,987 | ---- | M] (Avira GmbH)
aeoffice.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aeoffice.dll -> [2009/02/26 20:01:56 | 00,196,987 | ---- | M] (Avira GmbH)
aeoffice.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aeoffice.dll -> [2009/02/26 20:01:56 | 00,196,987 | ---- | M] (Avira GmbH)
aehelp.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aehelp.dll -> [2009/02/26 20:01:56 | 00,119,158 | ---- | M] (Avira GmbH)
aehelp.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aehelp.dll -> [2009/02/26 20:01:56 | 00,119,158 | ---- | M] (Avira GmbH)
aehelp.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aehelp.dll -> [2009/02/26 20:01:56 | 00,119,158 | ---- | M] (Avira GmbH)
aehelp.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aehelp.dll -> [2009/02/26 20:01:56 | 00,119,158 | ---- | M] (Avira GmbH)
aehelp.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aehelp.dll -> [2009/02/26 20:01:56 | 00,119,158 | ---- | M] (Avira GmbH)
aeheur.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aeheur.dll -> [2009/02/25 15:49:16 | 01,618,295 | ---- | M] (Avira GmbH)
aeheur.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aeheur.dll -> [2009/02/25 15:49:16 | 01,618,295 | ---- | M] (Avira GmbH)
aeheur.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aeheur.dll -> [2009/02/25 15:49:16 | 01,618,295 | ---- | M] (Avira GmbH)
aeheur.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aeheur.dll -> [2009/02/25 15:49:16 | 01,618,295 | ---- | M] (Avira GmbH)
aeheur.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aeheur.dll -> [2009/02/25 15:49:16 | 01,618,295 | ---- | M] (Avira GmbH)
avevtrc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\avevtrc.dll -> [2009/02/24 14:10:29 | 00,011,009 | ---- | M] (Avira GmbH)
avevtrc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\avevtrc.dll -> [2009/02/24 14:10:29 | 00,011,009 | ---- | M] (Avira GmbH)
avevtrc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\avevtrc.dll -> [2009/02/24 14:10:29 | 00,011,009 | ---- | M] (Avira GmbH)
avevtrc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\avevtrc.dll -> [2009/02/24 14:10:29 | 00,011,009 | ---- | M] (Avira GmbH)
avevtrc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\avevtrc.dll -> [2009/02/24 14:10:29 | 00,011,009 | ---- | M] (Avira GmbH)
updgui.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\updgui.dll -> [2009/02/24 12:16:36 | 00,117,505 | ---- | M] (Avira GmbH)
updgui.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\updgui.dll -> [2009/02/24 12:16:36 | 00,117,505 | ---- | M] (Avira GmbH)
updgui.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\updgui.dll -> [2009/02/24 12:16:36 | 00,117,505 | ---- | M] (Avira GmbH)
updgui.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\updgui.dll -> [2009/02/24 12:16:36 | 00,117,505 | ---- | M] (Avira GmbH)
updgui.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\updgui.dll -> [2009/02/24 12:16:36 | 00,117,505 | ---- | M] (Avira GmbH)
avscan.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avscan.exe -> [2009/02/24 12:13:26 | 00,464,641 | ---- | M] (Avira GmbH)
avscan.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avscan.exe -> [2009/02/24 12:13:26 | 00,464,641 | ---- | M] (Avira GmbH)
avscan.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avscan.exe -> [2009/02/24 12:13:26 | 00,464,641 | ---- | M] (Avira GmbH)
avscan.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avscan.exe -> [2009/02/24 12:13:26 | 00,464,641 | ---- | M] (Avira GmbH)
avscan.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avscan.exe -> [2009/02/24 12:13:26 | 00,464,641 | ---- | M] (Avira GmbH)
luke.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\luke.dll -> [2009/02/20 11:35:49 | 00,209,665 | ---- | M] (Avira GmbH)
luke.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\luke.dll -> [2009/02/20 11:35:49 | 00,209,665 | ---- | M] (Avira GmbH)
luke.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\luke.dll -> [2009/02/20 11:35:49 | 00,209,665 | ---- | M] (Avira GmbH)
luke.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\luke.dll -> [2009/02/20 11:35:49 | 00,209,665 | ---- | M] (Avira GmbH)
luke.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\luke.dll -> [2009/02/20 11:35:49 | 00,209,665 | ---- | M] (Avira GmbH)
ccsched.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccsched.dll -> [2009/02/20 11:34:41 | 00,303,361 | ---- | M] (Avira GmbH)
ccsched.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccsched.dll -> [2009/02/20 11:34:41 | 00,303,361 | ---- | M] (Avira GmbH)
ccsched.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccsched.dll -> [2009/02/20 11:34:41 | 00,303,361 | ---- | M] (Avira GmbH)
ccsched.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccsched.dll -> [2009/02/20 11:34:41 | 00,303,361 | ---- | M] (Avira GmbH)
ccsched.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccsched.dll -> [2009/02/20 11:34:41 | 00,303,361 | ---- | M] (Avira GmbH)
ccprofil.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccprofil.dll -> [2009/02/20 11:33:26 | 00,386,817 | ---- | M] (Avira GmbH)
ccprofil.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccprofil.dll -> [2009/02/20 11:33:26 | 00,386,817 | ---- | M] (Avira GmbH)
ccprofil.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccprofil.dll -> [2009/02/20 11:33:26 | 00,386,817 | ---- | M] (Avira GmbH)
ccprofil.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccprofil.dll -> [2009/02/20 11:33:26 | 00,386,817 | ---- | M] (Avira GmbH)
ccprofil.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccprofil.dll -> [2009/02/20 11:33:26 | 00,386,817 | ---- | M] (Avira GmbH)
avconfig.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avconfig.exe -> [2009/02/20 11:25:14 | 00,271,617 | ---- | M] (Avira GmbH)
avconfig.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avconfig.exe -> [2009/02/20 11:25:14 | 00,271,617 | ---- | M] (Avira GmbH)
avconfig.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avconfig.exe -> [2009/02/20 11:25:14 | 00,271,617 | ---- | M] (Avira GmbH)
avconfig.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avconfig.exe -> [2009/02/20 11:25:14 | 00,271,617 | ---- | M] (Avira GmbH)
avconfig.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avconfig.exe -> [2009/02/20 11:25:14 | 00,271,617 | ---- | M] (Avira GmbH)
aecore.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aecore.dll -> [2009/02/17 14:22:44 | 00,176,501 | ---- | M] (Avira GmbH)
aecore.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aecore.dll -> [2009/02/17 14:22:44 | 00,176,501 | ---- | M] (Avira GmbH)
aecore.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aecore.dll -> [2009/02/17 14:22:44 | 00,176,501 | ---- | M] (Avira GmbH)
aecore.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aecore.dll -> [2009/02/17 14:22:44 | 00,176,501 | ---- | M] (Avira GmbH)
aecore.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aecore.dll -> [2009/02/17 14:22:44 | 00,176,501 | ---- | M] (Avira GmbH)
drm_dialogs.dll -> %UserProfile%\AppData\Local\Temp\drm_dialogs.dll -> [2009/02/16 01:39:36 | 00,065,536 | ---- | M] (Sony DADC Austria AG)
drm_dyndata_7370012.dll -> %UserProfile%\AppData\Local\Temp\drm_dyndata_7370012.dll -> [2009/02/16 01:39:30 | 00,208,896 | ---- | M] (Sony DADC Austria AG)
updext.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\updext.dll -> [2009/02/13 15:01:24 | 00,079,105 | ---- | M] (Avira GmbH)
updext.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\updext.dll -> [2009/02/13 15:01:24 | 00,079,105 | ---- | M] (Avira GmbH)
updext.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\updext.dll -> [2009/02/13 15:01:24 | 00,079,105 | ---- | M] (Avira GmbH)
updext.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\updext.dll -> [2009/02/13 15:01:24 | 00,079,105 | ---- | M] (Avira GmbH)
updext.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\updext.dll -> [2009/02/13 15:01:24 | 00,079,105 | ---- | M] (Avira GmbH)
ccev.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccev.dll -> [2009/02/13 12:11:26 | 00,314,625 | ---- | M] (Avira GmbH)
ccev.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccev.dll -> [2009/02/13 12:11:26 | 00,314,625 | ---- | M] (Avira GmbH)
ccev.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccev.dll -> [2009/02/13 12:11:26 | 00,314,625 | ---- | M] (Avira GmbH)
ccev.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccev.dll -> [2009/02/13 12:11:26 | 00,314,625 | ---- | M] (Avira GmbH)
ccev.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccev.dll -> [2009/02/13 12:11:26 | 00,314,625 | ---- | M] (Avira GmbH)
avwsc.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avwsc.exe -> [2009/02/13 11:54:45 | 00,116,008 | ---- | M] (Avira GmbH)
avwsc.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avwsc.exe -> [2009/02/13 11:54:45 | 00,116,008 | ---- | M] (Avira GmbH)
avwsc.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avwsc.exe -> [2009/02/13 11:54:45 | 00,116,008 | ---- | M] (Avira GmbH)
avwsc.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avwsc.exe -> [2009/02/13 11:54:45 | 00,116,008 | ---- | M] (Avira GmbH)
avwsc.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avwsc.exe -> [2009/02/13 11:54:45 | 00,116,008 | ---- | M] (Avira GmbH)
wsctool.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\wsctool.exe -> [2009/02/13 11:44:31 | 00,080,728 | ---- | M] (Avira GmbH)
wsctool.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\wsctool.exe -> [2009/02/13 11:44:31 | 00,080,728 | ---- | M] (Avira GmbH)
wsctool.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\wsctool.exe -> [2009/02/13 11:44:31 | 00,080,728 | ---- | M] (Avira GmbH)
wsctool.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\wsctool.exe -> [2009/02/13 11:44:31 | 00,080,728 | ---- | M] (Avira GmbH)
wsctool.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\wsctool.exe -> [2009/02/13 11:44:31 | 00,080,728 | ---- | M] (Avira GmbH)
avadmin.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avadmin.exe -> [2009/02/13 11:43:29 | 00,118,616 | ---- | M] (Avira GmbH)
avadmin.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avadmin.exe -> [2009/02/13 11:43:29 | 00,118,616 | ---- | M] (Avira GmbH)
avadmin.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avadmin.exe -> [2009/02/13 11:43:29 | 00,118,616 | ---- | M] (Avira GmbH)
avadmin.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avadmin.exe -> [2009/02/13 11:43:29 | 00,118,616 | ---- | M] (Avira GmbH)
avadmin.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avadmin.exe -> [2009/02/13 11:43:29 | 00,118,616 | ---- | M] (Avira GmbH)
shlext64.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\shlext64.dll -> [2009/02/13 11:36:19 | 00,359,768 | ---- | M] (Avira GmbH)
shlext64.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\shlext64.dll -> [2009/02/13 11:36:19 | 00,359,768 | ---- | M] (Avira GmbH)
shlext64.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\shlext64.dll -> [2009/02/13 11:36:19 | 00,359,768 | ---- | M] (Avira GmbH)
shlext64.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\shlext64.dll -> [2009/02/13 11:36:19 | 00,359,768 | ---- | M] (Avira GmbH)
shlext64.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\shlext64.dll -> [2009/02/13 11:36:19 | 00,359,768 | ---- | M] (Avira GmbH)
avwmi.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avwmi.dll -> [2009/02/12 12:47:37 | 00,212,225 | ---- | M] (Avira GmbH)
avwmi.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avwmi.dll -> [2009/02/12 12:47:37 | 00,212,225 | ---- | M] (Avira GmbH)
avwmi.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avwmi.dll -> [2009/02/12 12:47:37 | 00,212,225 | ---- | M] (Avira GmbH)
avwmi.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avwmi.dll -> [2009/02/12 12:47:37 | 00,212,225 | ---- | M] (Avira GmbH)
avwmi.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avwmi.dll -> [2009/02/12 12:47:37 | 00,212,225 | ---- | M] (Avira GmbH)
cfglib.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\cfglib.dll -> [2009/02/12 11:48:50 | 00,059,649 | ---- | M] (Avira GmbH)
cfglib.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\cfglib.dll -> [2009/02/12 11:48:50 | 00,059,649 | ---- | M] (Avira GmbH)
cfglib.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\cfglib.dll -> [2009/02/12 11:48:50 | 00,059,649 | ---- | M] (Avira GmbH)
cfglib.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\cfglib.dll -> [2009/02/12 11:48:50 | 00,059,649 | ---- | M] (Avira GmbH)
cfglib.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\cfglib.dll -> [2009/02/12 11:48:50 | 00,059,649 | ---- | M] (Avira GmbH)
aescn.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aescn.dll -> [2009/02/12 11:44:25 | 00,127,347 | ---- | M] (Avira GmbH)
aescn.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aescn.dll -> [2009/02/12 11:44:25 | 00,127,347 | ---- | M] (Avira GmbH)
aescn.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aescn.dll -> [2009/02/12 11:44:25 | 00,127,347 | ---- | M] (Avira GmbH)
aescn.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aescn.dll -> [2009/02/12 11:44:25 | 00,127,347 | ---- | M] (Avira GmbH)
aescn.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aescn.dll -> [2009/02/12 11:44:25 | 00,127,347 | ---- | M] (Avira GmbH)
fact.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\fact.exe -> [2009/02/11 10:38:28 | 00,293,633 | ---- | M] (Avira GmbH)
fact.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\fact.exe -> [2009/02/11 10:38:28 | 00,293,633 | ---- | M] (Avira GmbH)
fact.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\fact.exe -> [2009/02/11 10:38:28 | 00,293,633 | ---- | M] (Avira GmbH)
fact.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\fact.exe -> [2009/02/11 10:38:28 | 00,293,633 | ---- | M] (Avira GmbH)
fact.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\fact.exe -> [2009/02/11 10:38:28 | 00,293,633 | ---- | M] (Avira GmbH)
prodinfo.dat -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\prodinfo.dat -> [2009/02/10 10:41:57 | 00,000,538 | ---- | M] ()
prodinfo.dat -> %SystemRoot%\Temp\AVSETUP_49c5422e\prodinfo.dat -> [2009/02/10 10:41:57 | 00,000,538 | ---- | M] ()
prodinfo.dat -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\prodinfo.dat -> [2009/02/10 10:41:57 | 00,000,538 | ---- | M] ()
prodinfo.dat -> %SystemRoot%\Temp\AVSETUP_49c1380a\prodinfo.dat -> [2009/02/10 10:41:57 | 00,000,538 | ---- | M] ()
prodinfo.dat -> %SystemRoot%\Temp\AVSETUP_49c0c89f\prodinfo.dat -> [2009/02/10 10:41:57 | 00,000,538 | ---- | M] ()
rcimage.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\rcimage.dll -> [2009/02/09 11:45:45 | 02,438,401 | ---- | M] (Avira GmbH)
rcimage.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\rcimage.dll -> [2009/02/09 11:45:45 | 02,438,401 | ---- | M] (Avira GmbH)
rcimage.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\rcimage.dll -> [2009/02/09 11:45:45 | 02,438,401 | ---- | M] (Avira GmbH)
rcimage.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\rcimage.dll -> [2009/02/09 11:45:45 | 02,438,401 | ---- | M] (Avira GmbH)
rcimage.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\rcimage.dll -> [2009/02/09 11:45:45 | 02,438,401 | ---- | M] (Avira GmbH)
avarkt.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avarkt.dll -> [2009/02/09 07:52:24 | 00,292,609 | ---- | M] (Avira GmbH)
avarkt.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avarkt.dll -> [2009/02/09 07:52:24 | 00,292,609 | ---- | M] (Avira GmbH)
avarkt.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avarkt.dll -> [2009/02/09 07:52:24 | 00,292,609 | ---- | M] (Avira GmbH)
avarkt.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avarkt.dll -> [2009/02/09 07:52:24 | 00,292,609 | ---- | M] (Avira GmbH)
avarkt.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avarkt.dll -> [2009/02/09 07:52:24 | 00,292,609 | ---- | M] (Avira GmbH)
setupprf.dat -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\setupprf.dat -> [2009/02/04 14:32:36 | 00,000,802 | ---- | M] ()
setupprf.dat -> %SystemRoot%\Temp\AVSETUP_49c5422e\setupprf.dat -> [2009/02/04 14:32:36 | 00,000,802 | ---- | M] ()
setupprf.dat -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\setupprf.dat -> [2009/02/04 14:32:36 | 00,000,802 | ---- | M] ()
setupprf.dat -> %SystemRoot%\Temp\AVSETUP_49c1380a\setupprf.dat -> [2009/02/04 14:32:36 | 00,000,802 | ---- | M] ()
setupprf.dat -> %SystemRoot%\Temp\AVSETUP_49c0c89f\setupprf.dat -> [2009/02/04 14:32:36 | 00,000,802 | ---- | M] ()
avinet.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avinet.dll -> [2009/02/04 09:07:04 | 00,013,569 | ---- | M] (Avira GmbH)
avinet.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avinet.dll -> [2009/02/04 09:07:04 | 00,013,569 | ---- | M] (Avira GmbH)
avinet.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avinet.dll -> [2009/02/04 09:07:04 | 00,013,569 | ---- | M] (Avira GmbH)
avinet.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avinet.dll -> [2009/02/04 09:07:04 | 00,013,569 | ---- | M] (Avira GmbH)
avinet.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avinet.dll -> [2009/02/04 09:07:04 | 00,013,569 | ---- | M] (Avira GmbH)
wksstats.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\wksstats.dll -> [2009/02/02 08:25:21 | 00,085,249 | ---- | M] (Avira GmbH)
wksstats.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\wksstats.dll -> [2009/02/02 08:25:21 | 00,085,249 | ---- | M] (Avira GmbH)
wksstats.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\wksstats.dll -> [2009/02/02 08:25:21 | 00,085,249 | ---- | M] (Avira GmbH)
wksstats.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\wksstats.dll -> [2009/02/02 08:25:21 | 00,085,249 | ---- | M] (Avira GmbH)
wksstats.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\wksstats.dll -> [2009/02/02 08:25:21 | 00,085,249 | ---- | M] (Avira GmbH)
smtplib.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\smtplib.dll -> [2009/02/02 08:21:33 | 00,028,417 | ---- | M] (Avira GmbH)
smtplib.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\smtplib.dll -> [2009/02/02 08:21:33 | 00,028,417 | ---- | M] (Avira GmbH)
smtplib.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\smtplib.dll -> [2009/02/02 08:21:33 | 00,028,417 | ---- | M] (Avira GmbH)
smtplib.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\smtplib.dll -> [2009/02/02 08:21:33 | 00,028,417 | ---- | M] (Avira GmbH)
smtplib.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\smtplib.dll -> [2009/02/02 08:21:33 | 00,028,417 | ---- | M] (Avira GmbH)
ccupdate.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccupdate.dll -> [2009/02/02 08:20:20 | 00,167,681 | ---- | M] (Avira GmbH)
ccupdate.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccupdate.dll -> [2009/02/02 08:20:20 | 00,167,681 | ---- | M] (Avira GmbH)
ccupdate.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccupdate.dll -> [2009/02/02 08:20:20 | 00,167,681 | ---- | M] (Avira GmbH)
ccupdate.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccupdate.dll -> [2009/02/02 08:20:20 | 00,167,681 | ---- | M] (Avira GmbH)
ccupdate.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccupdate.dll -> [2009/02/02 08:20:20 | 00,167,681 | ---- | M] (Avira GmbH)
ccreport.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccreport.dll -> [2009/02/02 08:18:25 | 00,282,881 | ---- | M] (Avira GmbH)
ccreport.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccreport.dll -> [2009/02/02 08:18:25 | 00,282,881 | ---- | M] (Avira GmbH)
ccreport.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccreport.dll -> [2009/02/02 08:18:25 | 00,282,881 | ---- | M] (Avira GmbH)
ccreport.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccreport.dll -> [2009/02/02 08:18:25 | 00,282,881 | ---- | M] (Avira GmbH)
ccreport.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccreport.dll -> [2009/02/02 08:18:25 | 00,282,881 | ---- | M] (Avira GmbH)
ccguard.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccguard.dll -> [2009/02/02 08:15:25 | 00,226,049 | ---- | M] (Avira GmbH)
ccguard.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccguard.dll -> [2009/02/02 08:15:25 | 00,226,049 | ---- | M] (Avira GmbH)
ccguard.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccguard.dll -> [2009/02/02 08:15:25 | 00,226,049 | ---- | M] (Avira GmbH)
ccguard.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccguard.dll -> [2009/02/02 08:15:25 | 00,226,049 | ---- | M] (Avira GmbH)
ccguard.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccguard.dll -> [2009/02/02 08:15:25 | 00,226,049 | ---- | M] (Avira GmbH)
cclib.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\cclib.dll -> [2009/01/30 10:58:30 | 00,211,713 | ---- | M] (Avira GmbH)
cclib.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\cclib.dll -> [2009/01/30 10:58:30 | 00,211,713 | ---- | M] (Avira GmbH)
cclib.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\cclib.dll -> [2009/01/30 10:58:30 | 00,211,713 | ---- | M] (Avira GmbH)
cclib.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\cclib.dll -> [2009/01/30 10:58:30 | 00,211,713 | ---- | M] (Avira GmbH)
cclib.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\cclib.dll -> [2009/01/30 10:58:30 | 00,211,713 | ---- | M] (Avira GmbH)
ccmsg.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\ccmsg.dll -> [2009/01/30 10:56:30 | 00,173,825 | ---- | M] (Avira GmbH)
ccmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\ccmsg.dll -> [2009/01/30 10:56:30 | 00,173,825 | ---- | M] (Avira GmbH)
ccmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\ccmsg.dll -> [2009/01/30 10:56:30 | 00,173,825 | ---- | M] (Avira GmbH)
ccmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\ccmsg.dll -> [2009/01/30 10:56:30 | 00,173,825 | ---- | M] (Avira GmbH)
ccmsg.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\ccmsg.dll -> [2009/01/30 10:56:30 | 00,173,825 | ---- | M] (Avira GmbH)
licmgr.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\licmgr.exe -> [2009/01/30 10:50:20 | 00,131,841 | ---- | M] (Avira GmbH)
licmgr.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\licmgr.exe -> [2009/01/30 10:50:20 | 00,131,841 | ---- | M] (Avira GmbH)
licmgr.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\licmgr.exe -> [2009/01/30 10:50:20 | 00,131,841 | ---- | M] (Avira GmbH)
licmgr.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\licmgr.exe -> [2009/01/30 10:50:20 | 00,131,841 | ---- | M] (Avira GmbH)
licmgr.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\licmgr.exe -> [2009/01/30 10:50:20 | 00,131,841 | ---- | M] (Avira GmbH)
guardgui.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\guardgui.exe -> [2009/01/30 10:49:25 | 00,049,409 | ---- | M] (Avira GmbH)
guardgui.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\guardgui.exe -> [2009/01/30 10:49:25 | 00,049,409 | ---- | M] (Avira GmbH)
guardgui.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\guardgui.exe -> [2009/01/30 10:49:25 | 00,049,409 | ---- | M] (Avira GmbH)
guardgui.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\guardgui.exe -> [2009/01/30 10:49:25 | 00,049,409 | ---- | M] (Avira GmbH)
guardgui.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\guardgui.exe -> [2009/01/30 10:49:25 | 00,049,409 | ---- | M] (Avira GmbH)
cclic.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\cclic.dll -> [2009/01/30 10:44:12 | 00,057,089 | ---- | M] (Avira GmbH)
cclic.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\cclic.dll -> [2009/01/30 10:44:12 | 00,057,089 | ---- | M] (Avira GmbH)
cclic.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\cclic.dll -> [2009/01/30 10:44:12 | 00,057,089 | ---- | M] (Avira GmbH)
cclic.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\cclic.dll -> [2009/01/30 10:44:12 | 00,057,089 | ---- | M] (Avira GmbH)
cclic.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\cclic.dll -> [2009/01/30 10:44:12 | 00,057,089 | ---- | M] (Avira GmbH)
avevtlog.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avevtlog.dll -> [2009/01/30 10:37:08 | 00,167,169 | ---- | M] (Avira GmbH)
avevtlog.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avevtlog.dll -> [2009/01/30 10:37:08 | 00,167,169 | ---- | M] (Avira GmbH)
avevtlog.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avevtlog.dll -> [2009/01/30 10:37:08 | 00,167,169 | ---- | M] (Avira GmbH)
avevtlog.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avevtlog.dll -> [2009/01/30 10:37:08 | 00,167,169 | ---- | M] (Avira GmbH)
avevtlog.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avevtlog.dll -> [2009/01/30 10:37:08 | 00,167,169 | ---- | M] (Avira GmbH)
avcenter.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avcenter.exe -> [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH)
avcenter.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avcenter.exe -> [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH)
avcenter.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avcenter.exe -> [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH)
avcenter.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avcenter.exe -> [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH)
avcenter.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avcenter.exe -> [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH)
unacev2.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\unacev2.dll -> [2009/01/30 10:27:57 | 00,077,312 | ---- | M] (ACE Compression Software)
unacev2.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\unacev2.dll -> [2009/01/30 10:27:57 | 00,077,312 | ---- | M] (ACE Compression Software)
unacev2.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\unacev2.dll -> [2009/01/30 10:27:57 | 00,077,312 | ---- | M] (ACE Compression Software)
unacev2.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\unacev2.dll -> [2009/01/30 10:27:57 | 00,077,312 | ---- | M] (ACE Compression Software)
unacev2.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\unacev2.dll -> [2009/01/30 10:27:57 | 00,077,312 | ---- | M] (ACE Compression Software)
presetup.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\presetup.exe -> [2009/01/29 07:42:43 | 00,277,249 | ---- | M] (Avira GmbH)
presetup.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\presetup.exe -> [2009/01/29 07:42:43 | 00,277,249 | ---- | M] (Avira GmbH)
presetup.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\presetup.exe -> [2009/01/29 07:42:43 | 00,277,249 | ---- | M] (Avira GmbH)
presetup.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\presetup.exe -> [2009/01/29 07:42:43 | 00,277,249 | ---- | M] (Avira GmbH)
presetup.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\presetup.exe -> [2009/01/29 07:42:43 | 00,277,249 | ---- | M] (Avira GmbH)
sqlite3.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\sqlite3.dll -> [2009/01/28 15:03:49 | 00,326,401 | ---- | M] ()
sqlite3.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\sqlite3.dll -> [2009/01/28 15:03:49 | 00,326,401 | ---- | M] ()
sqlite3.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\sqlite3.dll -> [2009/01/28 15:03:49 | 00,326,401 | ---- | M] ()
sqlite3.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\sqlite3.dll -> [2009/01/28 15:03:49 | 00,326,401 | ---- | M] ()
sqlite3.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\sqlite3.dll -> [2009/01/28 15:03:49 | 00,326,401 | ---- | M] ()
aevdf.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aevdf.dll -> [2009/01/27 17:36:42 | 00,106,868 | ---- | M] (Avira GmbH)
aevdf.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aevdf.dll -> [2009/01/27 17:36:42 | 00,106,868 | ---- | M] (Avira GmbH)
aevdf.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aevdf.dll -> [2009/01/27 17:36:42 | 00,106,868 | ---- | M] (Avira GmbH)
aevdf.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aevdf.dll -> [2009/01/27 17:36:42 | 00,106,868 | ---- | M] (Avira GmbH)
aevdf.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aevdf.dll -> [2009/01/27 17:36:42 | 00,106,868 | ---- | M] (Avira GmbH)
shlext.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\shlext.dll -> [2009/01/26 11:46:41 | 00,086,273 | ---- | M] (Avira GmbH)
shlext.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\shlext.dll -> [2009/01/26 11:46:41 | 00,086,273 | ---- | M] (Avira GmbH)
shlext.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\shlext.dll -> [2009/01/26 11:46:41 | 00,086,273 | ---- | M] (Avira GmbH)
shlext.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\shlext.dll -> [2009/01/26 11:46:41 | 00,086,273 | ---- | M] (Avira GmbH)
shlext.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\shlext.dll -> [2009/01/26 11:46:41 | 00,086,273 | ---- | M] (Avira GmbH)
avnotify.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avnotify.exe -> [2009/01/26 10:26:45 | 00,198,913 | ---- | M] (Avira GmbH)
avnotify.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avnotify.exe -> [2009/01/26 10:26:45 | 00,198,913 | ---- | M] (Avira GmbH)
avnotify.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avnotify.exe -> [2009/01/26 10:26:45 | 00,198,913 | ---- | M] (Avira GmbH)
avnotify.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avnotify.exe -> [2009/01/26 10:26:45 | 00,198,913 | ---- | M] (Avira GmbH)
avnotify.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avnotify.exe -> [2009/01/26 10:26:45 | 00,198,913 | ---- | M] (Avira GmbH)
avgio.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avgio.dll -> [2009/01/22 08:05:25 | 00,072,449 | ---- | M] (Avira GmbH)
avgio.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avgio.dll -> [2009/01/22 08:05:25 | 00,072,449 | ---- | M] (Avira GmbH)
avgio.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avgio.dll -> [2009/01/22 08:05:25 | 00,072,449 | ---- | M] (Avira GmbH)
avgio.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avgio.dll -> [2009/01/22 08:05:25 | 00,072,449 | ---- | M] (Avira GmbH)
avgio.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avgio.dll -> [2009/01/22 08:05:25 | 00,072,449 | ---- | M] (Avira GmbH)
avrep.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avrep.dll -> [2009/01/20 14:34:28 | 00,155,905 | ---- | M] (Avira GmbH)
avrep.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avrep.dll -> [2009/01/20 14:34:28 | 00,155,905 | ---- | M] (Avira GmbH)
avrep.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avrep.dll -> [2009/01/20 14:34:28 | 00,155,905 | ---- | M] (Avira GmbH)
avrep.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avrep.dll -> [2009/01/20 14:34:28 | 00,155,905 | ---- | M] (Avira GmbH)
avrep.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avrep.dll -> [2009/01/20 14:34:28 | 00,155,905 | ---- | M] (Avira GmbH)
avwinll.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avwinll.dll -> [2008/12/12 08:47:59 | 00,018,177 | ---- | M] (Avira GmbH)
avwinll.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avwinll.dll -> [2008/12/12 08:47:59 | 00,018,177 | ---- | M] (Avira GmbH)
avwinll.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avwinll.dll -> [2008/12/12 08:47:59 | 00,018,177 | ---- | M] (Avira GmbH)
avwinll.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avwinll.dll -> [2008/12/12 08:47:59 | 00,018,177 | ---- | M] (Avira GmbH)
avwinll.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avwinll.dll -> [2008/12/12 08:47:59 | 00,018,177 | ---- | M] (Avira GmbH)
vcredist_x86.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\vcredist_x86.exe -> [2008/12/05 10:32:22 | 04,216,840 | ---- | M] (Microsoft Corporation)
vcredist_x86.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\vcredist_x86.exe -> [2008/12/05 10:32:22 | 04,216,840 | ---- | M] (Microsoft Corporation)
vcredist_x86.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\vcredist_x86.exe -> [2008/12/05 10:32:22 | 04,216,840 | ---- | M] (Microsoft Corporation)
vcredist_x86.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\vcredist_x86.exe -> [2008/12/05 10:32:22 | 04,216,840 | ---- | M] (Microsoft Corporation)
vcredist_x86.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\vcredist_x86.exe -> [2008/12/05 10:32:22 | 04,216,840 | ---- | M] (Microsoft Corporation)
scewxmlw.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\scewxmlw.dll -> [2008/12/05 10:32:20 | 00,126,721 | ---- | M] ()
scewxmlw.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\scewxmlw.dll -> [2008/12/05 10:32:20 | 00,126,721 | ---- | M] ()
scewxmlw.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\scewxmlw.dll -> [2008/12/05 10:32:20 | 00,126,721 | ---- | M] ()
scewxmlw.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\scewxmlw.dll -> [2008/12/05 10:32:20 | 00,126,721 | ---- | M] ()
scewxmlw.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\scewxmlw.dll -> [2008/12/05 10:32:20 | 00,126,721 | ---- | M] ()
mgrs.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\mgrs.dll -> [2008/12/05 10:32:19 | 00,103,681 | ---- | M] (Avira GmbH)
mgrs.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\mgrs.dll -> [2008/12/05 10:32:19 | 00,103,681 | ---- | M] (Avira GmbH)
mgrs.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\mgrs.dll -> [2008/12/05 10:32:19 | 00,103,681 | ---- | M] (Avira GmbH)
mgrs.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\mgrs.dll -> [2008/12/05 10:32:19 | 00,103,681 | ---- | M] (Avira GmbH)
mgrs.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\mgrs.dll -> [2008/12/05 10:32:19 | 00,103,681 | ---- | M] (Avira GmbH)
msgclient.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\msgclient.dll -> [2008/12/05 10:32:19 | 00,015,617 | ---- | M] (Avira GmbH)
msgclient.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\msgclient.dll -> [2008/12/05 10:32:19 | 00,015,617 | ---- | M] (Avira GmbH)
msgclient.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\msgclient.dll -> [2008/12/05 10:32:19 | 00,015,617 | ---- | M] (Avira GmbH)
msgclient.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\msgclient.dll -> [2008/12/05 10:32:19 | 00,015,617 | ---- | M] (Avira GmbH)
msgclient.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\msgclient.dll -> [2008/12/05 10:32:19 | 00,015,617 | ---- | M] (Avira GmbH)
imp64b.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\imp64b.exe -> [2008/12/05 10:32:18 | 00,045,313 | ---- | M] (Avira GmbH)
imp64b.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\imp64b.exe -> [2008/12/05 10:32:18 | 00,045,313 | ---- | M] (Avira GmbH)
imp64b.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\imp64b.exe -> [2008/12/05 10:32:18 | 00,045,313 | ---- | M] (Avira GmbH)
imp64b.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\imp64b.exe -> [2008/12/05 10:32:18 | 00,045,313 | ---- | M] (Avira GmbH)
imp64b.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\imp64b.exe -> [2008/12/05 10:32:18 | 00,045,313 | ---- | M] (Avira GmbH)
cctpc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\cctpc.dll -> [2008/12/05 10:32:17 | 00,351,489 | ---- | M] (Avira GmbH)
cctpc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\cctpc.dll -> [2008/12/05 10:32:17 | 00,351,489 | ---- | M] (Avira GmbH)
cctpc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\cctpc.dll -> [2008/12/05 10:32:17 | 00,351,489 | ---- | M] (Avira GmbH)
cctpc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\cctpc.dll -> [2008/12/05 10:32:17 | 00,351,489 | ---- | M] (Avira GmbH)
cctpc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\cctpc.dll -> [2008/12/05 10:32:17 | 00,351,489 | ---- | M] (Avira GmbH)
avipc.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avipc.dll -> [2008/12/05 10:32:15 | 00,062,209 | ---- | M] (Avira GmbH)
avipc.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avipc.dll -> [2008/12/05 10:32:15 | 00,062,209 | ---- | M] (Avira GmbH)
avipc.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avipc.dll -> [2008/12/05 10:32:15 | 00,062,209 | ---- | M] (Avira GmbH)
avipc.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avipc.dll -> [2008/12/05 10:32:15 | 00,062,209 | ---- | M] (Avira GmbH)
avipc.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avipc.dll -> [2008/12/05 10:32:15 | 00,062,209 | ---- | M] (Avira GmbH)
avpref.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avpref.dll -> [2008/12/05 10:32:15 | 00,043,777 | ---- | M] (Avira GmbH)
avpref.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avpref.dll -> [2008/12/05 10:32:15 | 00,043,777 | ---- | M] (Avira GmbH)
avpref.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avpref.dll -> [2008/12/05 10:32:15 | 00,043,777 | ---- | M] (Avira GmbH)
avpref.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avpref.dll -> [2008/12/05 10:32:15 | 00,043,777 | ---- | M] (Avira GmbH)
avpref.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avpref.dll -> [2008/12/05 10:32:15 | 00,043,777 | ---- | M] (Avira GmbH)
avscan.dat -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avscan.dat -> [2008/12/05 10:32:15 | 00,001,115 | ---- | M] ()
avscan.dat -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avscan.dat -> [2008/12/05 10:32:15 | 00,001,115 | ---- | M] ()
avscan.dat -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avscan.dat -> [2008/12/05 10:32:15 | 00,001,115 | ---- | M] ()
avscan.dat -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avscan.dat -> [2008/12/05 10:32:15 | 00,001,115 | ---- | M] ()
avscan.dat -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avscan.dat -> [2008/12/05 10:32:15 | 00,001,115 | ---- | M] ()
netnt.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\netnt.dll -> [2008/12/05 10:32:10 | 00,011,521 | ---- | M] (Avira GmbH)
netnt.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\netnt.dll -> [2008/12/05 10:32:10 | 00,011,521 | ---- | M] (Avira GmbH)
netnt.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\netnt.dll -> [2008/12/05 10:32:10 | 00,011,521 | ---- | M] (Avira GmbH)
netnt.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\netnt.dll -> [2008/12/05 10:32:10 | 00,011,521 | ---- | M] (Avira GmbH)
netnt.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\netnt.dll -> [2008/12/05 10:32:10 | 00,011,521 | ---- | M] (Avira GmbH)
AVReg.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\AVReg.dll -> [2008/12/05 10:32:09 | 00,036,609 | ---- | M] (Avira GmbH)
AVReg.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\AVReg.dll -> [2008/12/05 10:32:09 | 00,036,609 | ---- | M] (Avira GmbH)
AVReg.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\AVReg.dll -> [2008/12/05 10:32:09 | 00,036,609 | ---- | M] (Avira GmbH)
AVReg.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\AVReg.dll -> [2008/12/05 10:32:09 | 00,036,609 | ---- | M] (Avira GmbH)
AVReg.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\AVReg.dll -> [2008/12/05 10:32:09 | 00,036,609 | ---- | M] (Avira GmbH)
jre-6u11-windows-i586-p-iftw.exe -> %UserProfile%\AppData\Local\Temp\jre-6u11-windows-i586-p-iftw.exe -> [2008/11/25 20:49:07 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
avupgsvc.exe -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\avupgsvc.exe -> [2008/11/22 10:18:05 | 00,037,633 | ---- | M] (Avira GmbH)
avupgsvc.exe -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\avupgsvc.exe -> [2008/11/22 10:18:05 | 00,037,633 | ---- | M] (Avira GmbH)
avupgsvc.exe -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\avupgsvc.exe -> [2008/11/22 10:18:05 | 00,037,633 | ---- | M] (Avira GmbH)
avupgsvc.exe -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\avupgsvc.exe -> [2008/11/22 10:18:05 | 00,037,633 | ---- | M] (Avira GmbH)
avupgsvc.exe -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\avupgsvc.exe -> [2008/11/22 10:18:05 | 00,037,633 | ---- | M] (Avira GmbH)
aerdl.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aerdl.dll -> [2008/10/29 18:24:41 | 00,438,645 | ---- | M] (Avira GmbH)
aerdl.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aerdl.dll -> [2008/10/29 18:24:41 | 00,438,645 | ---- | M] (Avira GmbH)
aerdl.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aerdl.dll -> [2008/10/29 18:24:41 | 00,438,645 | ---- | M] (Avira GmbH)
aerdl.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aerdl.dll -> [2008/10/29 18:24:41 | 00,438,645 | ---- | M] (Avira GmbH)
aerdl.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aerdl.dll -> [2008/10/29 18:24:41 | 00,438,645 | ---- | M] (Avira GmbH)
aeemu.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aeemu.dll -> [2008/10/09 14:32:40 | 00,393,588 | ---- | M] (Avira GmbH)
aeemu.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aeemu.dll -> [2008/10/09 14:32:40 | 00,393,588 | ---- | M] (Avira GmbH)
aeemu.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aeemu.dll -> [2008/10/09 14:32:40 | 00,393,588 | ---- | M] (Avira GmbH)
aeemu.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aeemu.dll -> [2008/10/09 14:32:40 | 00,393,588 | ---- | M] (Avira GmbH)
aeemu.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aeemu.dll -> [2008/10/09 14:32:40 | 00,393,588 | ---- | M] (Avira GmbH)
aebb.dll -> %UserProfile%\AppData\Local\Temp\AVSETUP_49c48eb8\basic\aebb.dll -> [2008/10/09 14:32:40 | 00,053,618 | ---- | M] (Avira GmbH)
aebb.dll -> %SystemRoot%\Temp\AVSETUP_49c5422e\basic\aebb.dll -> [2008/10/09 14:32:40 | 00,053,618 | ---- | M] (Avira GmbH)
aebb.dll -> %SystemRoot%\Temp\AVSETUP_49c2d0ed\basic\aebb.dll -> [2008/10/09 14:32:40 | 00,053,618 | ---- | M] (Avira GmbH)
aebb.dll -> %SystemRoot%\Temp\AVSETUP_49c1380a\basic\aebb.dll -> [2008/10/09 14:32:40 | 00,053,618 | ---- | M] (Avira GmbH)
aebb.dll -> %SystemRoot%\Temp\AVSETUP_49c0c89f\basic\aebb.dll -> [2008/10/09 14:32:40 | 00,053,618 | ---- | M] (Avira GmbH)
Mom and Sis.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Mom and Sis.dat -> [2008/09/29 02:59:46 | 00,000,000 | ---- | M] ()
Tobias.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\Tobias.dat -> [2008/09/29 02:05:25 | 00,000,000 | ---- | M] ()
sporder.dll -> %UserProfile%\AppData\Local\Temp\7zSA331.tmp\sporder.dll -> [2007/08/07 12:01:30 | 00,008,464 | ---- | M] (Microsoft Corporation)
DXSETUP.exe -> %UserProfile%\AppData\Local\Temp\AUG2005DXREDIST\DXSETUP.exe -> [2005/07/26 15:23:16 | 00,482,000 | R--- | M] (Microsoft Corporation)
dsetup32.dll -> %UserProfile%\AppData\Local\Temp\AUG2005DXREDIST\dsetup32.dll -> [2005/07/26 15:23:14 | 02,245,840 | R--- | M] (Microsoft Corporation)
DSETUP.dll -> %UserProfile%\AppData\Local\Temp\AUG2005DXREDIST\DSETUP.dll -> [2005/07/26 15:23:14 | 00,075,472 | R--- | M] (Microsoft Corporation)
< End of report >
[/code]

Had to break it up into two parts.

katana
2009-03-26, 13:21
There is no obvious sign of infection so far .....


Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.

First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.




Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt






Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

Tobias Nightbringer
2009-03-26, 22:56
Here is the Malwarebytes Log

Malwarebytes' Anti-Malware 1.34
Database version: 1903
Windows 6.0.6001 Service Pack 1

3/26/2009 1:54:29 PM
mbam-log-2009-03-26 (13-54-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 275596
Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Tobias Nightbringer
2009-03-26, 22:58
Disregard that last log. This is the 'updated' log after deleting the infected Registry Data File.

Malwarebytes' Anti-Malware 1.34
Database version: 1903
Windows 6.0.6001 Service Pack 1

3/26/2009 1:57:29 PM
mbam-log-2009-03-26 (13-57-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 275596
Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Tobias Nightbringer
2009-03-27, 01:31
Active Scan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-26 16:29:42
PROTECTIONS: 2
MALWARE: 23
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
COMODO Defense+ 3.5 No Yes
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@tradedoubler[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@mediaplex[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@clickbank[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@statcounter[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@bs.serving-sys[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@adrevolver[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@atwola[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location $����39
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description $����39
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2009-03-27, 15:36
Nothing to worry about there, just a few cookies.

Let's make sure there is nothing hiding .....


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

Tobias Nightbringer
2009-03-29, 10:06
I apologize for the late response. Life threw me a curve ball so I haven't been online in the last few days.

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-27 13:32:54
Windows 6.0.6001 Service Pack 1


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM (size mismatch) 294912/262144 bytes

---- EOF - GMER 1.0.15 ----

katana
2009-03-29, 19:32
Well, I am fairly sure that your machine is infection free :bigthumb:

From your description of the problem, it sounds as if one of the programs you use is corrupting the registry.

Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.

Tobias Nightbringer
2009-03-30, 12:48
HUZZAH! Thank you so very much :) Very much appreciate all of your help and patience!