Please help me with my questions. I executed a file that I downloaded and thought was a legit program. It was but the install .exe was bundled with some malware that did drop 2 files in a Temp dir. in the Documents and Settings. I executed the original .exe as Untrusted and DW did nothing to tell me (other then in the Log) about those file drops. But Avira did catch them and then I closed Avira so that the two malware-exe:s could land fine on my hdd the second time. Now comes the strange. DW tells me under "Files and registry tracks that there are 2 .exe dropped but when I click "You have x untrusted processes running" only one of the malwares is listed (as untrusted). No sign of the other (I did cancel the original install). When I change view to "Untrusted applications" on top there are no signs of the 2 malwares. "Event Log" shows them and I can see that both tried to delete a service in Windows so they are both active. I don't know if they did succeed in deleting the service because DW don't tell wich one got attacked. And it continues: when I push "Stop attack" DW tells me that I have 0 untrusted applications running. Fine. But when I search for the two malware-exe:s they are both still on my hdd (in the Temp dir. as before). And DW says both are Trusted when I right click. So my questions: Why do DW let 2 files drop on my hdd without automatically telling me with a popup (now I need to examine the Log inside the program) and why do DW drop files from a installer that I run as UNTRUSTED? And why are those drops Trusted when the installer that they came from where untrusted? I have Windows XP SP3, NO firewall and DW 2.56. Thanks in advance.