View Full Version : Virtumode.dll Smitfraud-C infections
AmerikanMade
2008-08-30, 00:50
Start from Hijacklog then since I messed up.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:33 PM, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FAD232F6-9956-45C7-847F-E6AF01862A29} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218142267093
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll mdxlnm.dll
O20 - Winlogon Notify: fccbYpQh - C:\WINDOWS\
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 5730 bytes
Awaiting further instructions if you choose to help.
--------------------------------
Split off from previous topic: http://forums.spybot.info/showthread.php?t=33363
Please don't add posts to this thread until someone responds, thanks.
Hi AmerikanMade
Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exeto start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
AmerikanMade
2008-09-01, 13:23
Okay here's OTViewIt.txt
OTViewIt logfile created on: 9/1/2008 6:13:53 AM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\AmerikanMade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.37% Memory free
3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 79.63 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 152.66 Gb Total Space | 29.82 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Drive E: | 671.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEAR-N7E5YNP0TL
Current User Name: AmerikanMade
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
===== Processes - Non-Microsoft Only =====
[08/29/2008 12:38 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[12/13/1999 01:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[08/07/2008 04:49 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgrsx.exe
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe
[09/17/2003 10:43 AM | 00,057,344 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
[06/18/2003 01:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[10/08/2005 04:27 PM | 00,155,648 | ---- | M] () - C:\Program Files\Razer\Copperhead\razerhid.exe
[08/03/2008 06:02 PM | 00,036,352 | ---- | M] () - C:\Program Files\Winamp\winampa.exe
[08/29/2008 12:38 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgtray.exe
[10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd) - C:\Program Files\DAEMON Tools Lite\daemon.exe
[07/22/2005 03:00 PM | 00,147,456 | ---- | M] () - C:\Program Files\Razer\Copperhead\razertra.exe
[07/22/2005 03:02 PM | 00,159,744 | ---- | M] (Razer Inc.) - C:\Program Files\Razer\Copperhead\razerofa.exe
[08/12/2008 05:07 PM | 03,065,168 | ---- | M] (Xfire Inc.) - C:\Program Files\Xfire\xfire.exe
[08/27/2008 03:11 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\uTorrent\uTorrent.exe
[07/02/2008 08:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
===== Win32 Services - Non-Microsoft Only =====
(avg8emc) AVG Free8 E-mail Scanner [Auto | Running]
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe
(avg8wd) AVG Free8 WatchDog [Auto | Running]
[08/29/2008 12:38 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running]
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running]
[12/13/1999 01:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[08/25/2008 03:00 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(PnkBstrA) PnkBstrA [Auto | Running]
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
===== Driver Services - Non-Microsoft Only =====
(AvgLdx86) AVG Free AVI Loader Driver x86 [System | Running]
[08/29/2008 12:38 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [System | Running]
[08/07/2008 04:49 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys
(AvgTdiX) AVG Free8 Network Redirector [Auto | Running]
[08/07/2008 04:49 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgtdix.sys
(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\AMERIK~1\LOCALS~1\Temp\catchme.sys
(ctac32k) Creative AC3 Software Decoder [On_Demand | Running]
[11/05/2003 01:26 AM | 00,645,392 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctac32k.sys
(ctaud2k) Creative Audio Driver (WDM) [On_Demand | Running]
[11/18/2003 09:13 PM | 00,366,160 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctaud2k.sys
(ctdvda2k) Creative DVD-Audio Device Driver [On_Demand | Stopped]
[10/13/2003 10:17 PM | 00,332,800 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
(ctprxy2k) Creative Proxy Driver [On_Demand | Running]
[10/07/2003 09:08 PM | 00,006,096 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
(ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running]
[10/07/2003 09:09 PM | 00,130,288 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
(emupia) E-mu Plug-in Architecture Driver [On_Demand | Running]
[10/13/2003 04:42 AM | 00,145,488 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\emupia2k.sys
(gdrv) gdrv [On_Demand | Stopped]
[08/07/2008 03:27 PM | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
(ha10kx2k) Creative Hardware Abstract Layer Driver [On_Demand | Running]
[10/21/2003 04:26 AM | 00,904,496 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
(hap16v2k) Creative P16V HAL Driver [On_Demand | Running]
[10/21/2003 04:23 AM | 00,148,432 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\haP16v2k.sys
(ossrv) Creative OS Services Driver [On_Demand | Running]
[10/07/2003 09:06 PM | 00,178,672 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctoss2k.sys
(PfDetNT) PfDetNT [Auto | Running]
[03/05/2003 12:19 PM | 00,015,840 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\PfModNT.sys
(Razerlow) Razer Copperhead Driver [On_Demand | Running]
[08/12/2005 10:11 AM | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) - C:\WINDOWS\system32\drivers\Razerlow.sys
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [On_Demand | Running]
[12/14/2006 03:44 AM | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
(sptd) sptd [Boot | Running]
[08/09/2008 02:26 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
========== Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" = ALCMTR.EXE [05/03/2005 05:43 AM | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [08/29/2008 12:38 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"CTDVDDET" = C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [06/18/2003 01:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd)
"CTHelper" = CTHELPER.EXE [10/06/2003 01:57 AM | 00,024,576 | ---- | M] (Creative Technology Ltd)
"CTSysVol" = C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r [09/17/2003 10:43 AM | 00,057,344 | ---- | M] (Creative Technology Ltd)
"googletalk" = C:\Program Files\Google\Google Talk\googletalk.exe /autostart [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [05/16/2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [05/16/2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [05/16/2008 02:01 PM | 01,630,208 | ---- | M] ()
"razer" = C:\Program Files\Razer\Copperhead\razerhid.exe [10/08/2005 04:27 PM | 00,155,648 | ---- | M] ()
"RTHDCPL" = RTHDCPL.EXE [04/12/2007 04:33 AM | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.)
"SBDrvDet" = C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r [12/03/2002 06:06 PM | 00,045,056 | ---- | M] (Creative Technology Ltd)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [08/07/2008 04:55 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"UpdReg" = C:\WINDOWS\UpdReg.EXE [05/11/2000 01:00 AM | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [08/03/2008 06:02 PM | 00,036,352 | ---- | M] ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
========== Startup Folders ==========
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[AmerikanMade Startup Folder - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup]
[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
========== BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD232F6-9956-45C7-847F-E6AF01862A29}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
========== Toolbars ==========
========== AppInit_Dlls ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"avgrsstx.dll mdxlnm.dll" - File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2B532CC-0605-40D4-9659-54B020ABCEC3}" =
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - File not found C:\WINDOWS\system32\fccbYpQh.dll
========== Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}" = Windows Installer Class
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
"IPC Configuration Utility" = IPC Configuration Utility
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
========== HKLM Security Providers ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dll schannel.dll digest.dll msnsspc.dll" - File not found
========== HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
========== User's Winlogon Settings ==========
========== Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbYpQh]
"DllName" = File not found
========== Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
========== Lsa Authentication Packages ==========
========== Lsa Security Packages ==========
========== Desktop Components ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "Privacy Protection"
"Source" = ""
"SubscribedURL" = ""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
========== Safeboot Options ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
========== Disabled MsConfig Items ==========
Unable to open key or key not present!
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
AUTOEXEC.BAT []
[04/23/2008 02:50 AM | 00,000,000 | ---- | M] () D:\AUTOEXEC.BAT [ NTFS ]
Autorun.exe [MZ | ]
[05/22/2005 05:51 PM | 01,187,840 | R--- | M] () E:\Autorun.exe [ CDFS ]
Autorun.inf [[autorun] | icon=BF2.ico | open=Autorun.exe | ]
[05/22/2005 05:51 PM | 00,000,043 | R--- | M] () E:\Autorun.inf [ CDFS ]
autorun []
[05/22/2005 05:51 PM | 01,187,840 | R--- | M] () E:\autorun.exe [ CDFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9180a4-7401-11dd-bc1b-806d6172696f}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
"" = AutoRun
========== DNS Name Servers ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8CD67773-E4D7-4962-A7FD-FE5599BE8820}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C2300693-818B-416A-8F6C-9040726D1EBC}]
Servers: | Description: 1394 Net Adapter
========== Hosts File ==========
HOSTS File = (262036 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
....continued in next post
AmerikanMade
2008-09-01, 13:24
========== Files/Folders - Created Within 30 days ==========
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\AUTOEXEC.BAT
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\CONFIG.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | C] () - C:\IO.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | C] () - C:\MSDOS.SYS
[08/07/2008 03:22 PM | -HSD | C] - C:\System Volume Information
[08/07/2008 03:26 PM | ---D | C] - C:\Intel
[08/07/2008 04:10 PM | ---D | C] - C:\NVIDIA
[08/07/2008 05:01 PM | -HSD | C] - C:\Config.Msi
[08/07/2008 05:06 PM | ---D | C] - C:\6967c0f4693cd3a6a2ab
[08/07/2008 05:06 PM | ---D | C] - C:\e3f2084b8a7afd93af503c4e
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS
[08/07/2008 09:56 AM | 00,000,211 | RHS- | C] () - C:\boot.ini
[08/07/2008 09:57 AM | ---D | C] - C:\Documents and Settings
[08/07/2008 09:58 AM | R--D | C] - C:\Program Files
[08/08/2008 02:55 AM | -HSD | C] - C:\RECYCLER
[08/08/2008 08:04 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/29/2008 07:26 AM | ---D | C] - C:\SDFix
[08/29/2008 09:40 AM | ---D | C] - C:\rsit
[08/07/2008 03:05 PM | 00,000,984 | ---- | C] () - C:\WINDOWS\System32\dllcache\srframe.mmf
[08/07/2008 03:06 PM | 04,399,505 | ---- | C] () - C:\WINDOWS\System32\dllcache\nls302en.lex
[08/07/2008 03:07 PM | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esucmd.dll
[08/07/2008 03:07 PM | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esunid.dll
[08/07/2008 03:07 PM | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) - C:\WINDOWS\System32\dllcache\cap7146.sys
[08/07/2008 03:07 PM | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuimgd.dll
[08/07/2008 03:07 PM | 00,059,392 | ---- | C] () - C:\WINDOWS\System32\dllcache\imscinst.exe
[08/07/2008 03:07 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia001.dll
[08/07/2008 03:07 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia330.dll
[08/07/2008 03:07 PM | 00,108,827 | ---- | C] () - C:\WINDOWS\System32\dllcache\hanja.lex
[08/07/2008 03:07 PM | 00,134,339 | ---- | C] () - C:\WINDOWS\System32\dllcache\imekr.lex
[08/07/2008 03:07 PM | 00,173,568 | ---- | C] () - C:\WINDOWS\System32\dllcache\chtskf.dll
[08/07/2008 03:07 PM | 00,175,104 | ---- | C] () - C:\WINDOWS\System32\dllcache\pintlcsa.dll
[08/07/2008 03:07 PM | 00,196,665 | ---- | C] () - C:\WINDOWS\System32\dllcache\imjpinst.exe
[08/07/2008 03:07 PM | 01,158,818 | ---- | C] () - C:\WINDOWS\System32\dllcache\korwbrkr.lex
[08/07/2008 03:07 PM | 13,463,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\hwxjpn.dll
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\dllcache\sfman32.dll
[08/07/2008 04:40 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/07/2008 04:40 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/07/2008 04:40 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/07/2008 04:40 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/07/2008 04:40 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/07/2008 04:40 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/07/2008 04:40 PM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js
[08/07/2008 04:40 PM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm
[08/07/2008 04:40 PM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css
[08/07/2008 04:40 PM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz
[08/07/2008 04:40 PM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv
[08/07/2008 04:40 PM | 00,498,742 | ---- | C] () - C:\WINDOWS\System32\dllcache\dxmasf.dll
[08/07/2008 04:41 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/07/2008 04:41 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/07/2008 04:41 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/07/2008 04:41 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/07/2008 04:41 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/07/2008 04:41 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/07/2008 04:41 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/07/2008 04:41 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/07/2008 04:41 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/07/2008 04:41 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/07/2008 04:41 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/07/2008 04:41 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/07/2008 04:41 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/07/2008 04:41 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/07/2008 04:41 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/07/2008 04:41 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/07/2008 04:41 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/07/2008 04:41 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/07/2008 04:41 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/07/2008 04:41 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/07/2008 04:41 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/07/2008 04:41 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/07/2008 04:41 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/07/2008 04:41 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/07/2008 04:41 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/07/2008 04:41 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/07/2008 04:41 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/07/2008 04:41 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/07/2008 04:41 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/07/2008 04:41 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/07/2008 04:41 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/07/2008 04:41 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/07/2008 04:41 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/07/2008 04:41 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/07/2008 04:41 PM | 00,004,126 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdxmlc.dll
[08/07/2008 04:41 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/07/2008 04:41 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/07/2008 04:41 PM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif
[08/07/2008 04:41 PM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js
[08/07/2008 04:41 PM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif
[08/07/2008 04:41 PM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif
[08/07/2008 04:41 PM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf
[08/07/2008 04:41 PM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif
[08/07/2008 04:41 PM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif
[08/07/2008 04:41 PM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif
[08/07/2008 04:41 PM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif
[08/07/2008 04:41 PM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta
[08/07/2008 04:41 PM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf
[08/07/2008 04:41 PM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif
[08/07/2008 04:41 PM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf
[08/07/2008 04:41 PM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip
[08/07/2008 04:41 PM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm
[08/07/2008 04:41 PM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif
[08/07/2008 04:41 PM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf
[08/07/2008 04:41 PM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz
[08/07/2008 04:41 PM | 00,069,612 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm
[08/07/2008 04:41 PM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm
[08/07/2008 04:41 PM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm
[08/07/2008 04:41 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav
[08/07/2008 04:41 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav
[08/07/2008 04:41 PM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav
[08/07/2008 04:41 PM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav
[08/07/2008 04:41 PM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm
[08/07/2008 04:41 PM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv
[08/07/2008 04:41 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav
[08/07/2008 04:41 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav
[08/07/2008 04:41 PM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav
[08/07/2008 04:41 PM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv
[08/07/2008 04:41 PM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv
[08/07/2008 04:41 PM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv
[08/07/2008 04:41 PM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm
[08/07/2008 04:41 PM | 00,844,314 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdxm.ocx
[08/07/2008 09:58 AM | 00,000,888 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.sdf
[08/07/2008 09:58 AM | 00,007,382 | ---- | C] () - C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[08/07/2008 09:58 AM | 00,008,574 | ---- | C] () - C:\WINDOWS\System32\dllcache\IASNT4.CAT
[08/07/2008 09:58 AM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\dllcache\spxcoins.dll
[08/07/2008 09:58 AM | 00,037,484 | ---- | C] () - C:\WINDOWS\System32\dllcache\MW770.CAT
[08/07/2008 09:58 AM | 00,399,645 | ---- | C] () - C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[08/07/2008 09:58 AM | 00,605,050 | ---- | C] () - C:\WINDOWS\System32\dllcache\r1033tts.lxa
[08/07/2008 09:58 AM | 00,643,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\ltts1033.lxa
[08/07/2008 09:58 AM | 00,797,189 | ---- | C] () - C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[08/07/2008 09:58 AM | 01,685,606 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.spd
[08/07/2008 04:49 PM | 00,080,727 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/07/2008 04:49 PM | 00,211,986 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/07/2008 04:49 PM | 06,061,540 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/07/2008 04:49 PM | 26,762,816 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/07/2008 04:15 PM | 00,000,734 | ---- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161559.backup
[08/07/2008 04:16 PM | 00,257,725 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161617.backup
[08/20/2008 11:33 AM | 00,257,725 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080820-113346.backup
[08/29/2008 03:02 AM | 00,260,784 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-030251.backup
[08/29/2008 07:57 AM | 00,000,686 | ---- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-075727.backup
[08/07/2008 05:06 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/07/2008 03:28 PM | 00,085,120 | R--- | C] (Realtek Semiconductor Corporation ) - C:\WINDOWS\System32\drivers\Rtnicxp.sys
[08/07/2008 03:35 PM | 00,006,096 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctprxy2k.sys
[08/07/2008 03:35 PM | 00,012,160 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\CTGAME.SYS
[08/07/2008 03:35 PM | 00,015,840 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\PfModNT.sys
[08/07/2008 03:35 PM | 00,130,288 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctsfm2k.sys
[08/07/2008 03:35 PM | 00,145,488 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\emupia2k.sys
[08/07/2008 03:35 PM | 00,148,432 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\haP16v2k.sys
[08/07/2008 03:35 PM | 00,177,456 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\CTOSS9X.SYS
[08/07/2008 03:35 PM | 00,178,672 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\ctoss2k.sys
[08/07/2008 03:35 PM | 00,332,800 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctdvda2k.sys
[08/07/2008 03:35 PM | 00,366,160 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctaud2k.sys
[08/07/2008 03:35 PM | 00,645,392 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctac32k.sys
[08/07/2008 03:35 PM | 00,904,496 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ha10kx2k.sys
[08/07/2008 03:42 PM | 00,019,020 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) - C:\WINDOWS\System32\drivers\Razerlow.sys
[08/07/2008 03:42 PM | 00,162,900 | ---- | C] (Motorola) - C:\WINDOWS\System32\drivers\USBICP.sys
[08/07/2008 04:05 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/07/2008 04:49 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/07/2008 04:49 PM | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/07/2008 04:49 PM | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[08/07/2008 04:49 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/07/2008 05:06 PM | ---D | C] - C:\WINDOWS\System32\drivers\UMDF
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers\disdn
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers\etc
[08/09/2008 02:26 AM | 00,717,296 | ---- | C] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/18/2008 10:48 PM | 00,139,600 | ---- | C] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys
[4 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 03:04 PM | 00,000,768 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.h
[08/07/2008 03:04 PM | 00,001,161 | ---- | C] () - C:\WINDOWS\System32\usrlogon.cmd
[08/07/2008 03:04 PM | 00,001,931 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.ini
[08/07/2008 03:04 PM | 00,003,286 | ---- | C] () - C:\WINDOWS\System32\tslabels.h
[08/07/2008 03:04 PM | 00,013,223 | ---- | C] () - C:\WINDOWS\System32\tslabels.ini
[08/07/2008 03:04 PM | 00,063,488 | ---- | C] () - C:\WINDOWS\System32\wmimgmt.msc
[08/07/2008 03:04 PM | ---D | C] - C:\WINDOWS\System32\Com
[08/07/2008 03:04 PM | ---D | C] - C:\WINDOWS\System32\MsDtc
[08/07/2008 03:05 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\System32\desktop.ini
[08/07/2008 03:05 PM | 00,021,640 | ---- | C] () - C:\WINDOWS\System32\emptyregdb.dat
[08/07/2008 03:05 PM | 00,032,768 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\isrdbg32.dll
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\System32\Macromed
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\System32\Restore
[08/07/2008 03:06 PM | 00,002,577 | ---- | C] () - C:\WINDOWS\System32\CONFIG.NT
[08/07/2008 03:06 PM | 00,016,832 | ---- | C] () - C:\WINDOWS\System32\amcompat.tlb
[08/07/2008 03:06 PM | 00,023,392 | ---- | C] () - C:\WINDOWS\System32\nscompat.tlb
[08/07/2008 03:06 PM | 00,025,065 | ---- | C] () - C:\WINDOWS\System32\wmpscheme.xml
[08/07/2008 03:06 PM | ---D | C] - C:\WINDOWS\System32\DirectX
[08/07/2008 03:07 PM | ---D | C] - C:\WINDOWS\System32\xircom
[08/07/2008 03:26 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
[08/07/2008 03:26 PM | ---D | C] - C:\WINDOWS\System32\ReinstallBackups
[08/07/2008 03:26 PM | --SD | C] - C:\WINDOWS\System32\Microsoft
[08/07/2008 03:28 PM | 00,049,152 | R--- | C] () - C:\WINDOWS\System32\ChCfg.exe
[08/07/2008 03:28 PM | ---D | C] - C:\WINDOWS\System32\RTCOM
[08/07/2008 03:30 PM | 00,146,650 | ---- | C] () - C:\WINDOWS\System32\BuzzingBee.wav
[08/07/2008 03:30 PM | 00,940,794 | ---- | C] () - C:\WINDOWS\System32\LoopyMusic.wav
[08/07/2008 03:30 PM | ---D | C] - C:\WINDOWS\System32\Lang
[08/07/2008 03:31 PM | 00,018,070 | ---- | C] () - C:\WINDOWS\System32\nvdisp.nvu
[08/07/2008 03:31 PM | 00,177,091 | ---- | C] () - C:\WINDOWS\System32\nvapps.xml
[08/07/2008 03:33 PM | 00,013,646 | ---- | C] () - C:\WINDOWS\System32\wpa.bak
[08/07/2008 03:34 PM | 00,000,641 | ---- | C] () - C:\WINDOWS\System32\CTDetect.cnt
[08/07/2008 03:34 PM | 00,017,350 | ---- | C] () - C:\WINDOWS\System32\CTDetect.hlp
[08/07/2008 03:34 PM | 00,024,576 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTMERes.DLL
[08/07/2008 03:34 PM | 00,025,088 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSVCCTL.EXE
[08/07/2008 03:34 PM | 00,044,032 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSVCCDA.EXE
[08/07/2008 03:34 PM | 00,062,976 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTDetres.dll
[08/07/2008 03:34 PM | 00,139,264 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\Video.skn
[08/07/2008 03:34 PM | 00,331,776 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTMEDENG.DLL
[08/07/2008 03:34 PM | ---D | C] - C:\WINDOWS\System32\Win9X
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT.SFM
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT4.SFM
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT8.SFM
[08/07/2008 03:35 PM | 00,000,184 | ---- | C] () - C:\WINDOWS\System32\e000001.dat
[08/07/2008 03:35 PM | 00,000,194 | ---- | C] () - C:\WINDOWS\System32\KILL.INI
[08/07/2008 03:35 PM | 00,001,912 | ---- | C] () - C:\WINDOWS\System32\Audigy.bmp
[08/07/2008 03:35 PM | 00,005,515 | ---- | C] () - C:\WINDOWS\System32\ENSDEF.INI
[08/07/2008 03:35 PM | 00,006,760 | ---- | C] () - C:\WINDOWS\System32\CTGAME.VXD
[08/07/2008 03:35 PM | 00,007,406 | ---- | C] () - C:\WINDOWS\System32\SBAudigy.ico
[08/07/2008 03:35 PM | 00,012,288 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\AHQCpURes.dll
[08/07/2008 03:35 PM | 00,020,480 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ENSDEF.EXE
[08/07/2008 03:35 PM | 00,024,576 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTHELPER.EXE
[08/07/2008 03:35 PM | 00,028,672 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTMMEP.DLL
[08/07/2008 03:35 PM | 00,032,768 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\AudioHQU.cpl
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] () - C:\WINDOWS\System32\REGPLIB.EXE
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTEMUPIA.DLL
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\sfman32.dll
[08/07/2008 03:35 PM | 00,045,056 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSPKHLP.DLL
[08/07/2008 03:35 PM | 00,053,248 | ---- | C] ( ) - C:\WINDOWS\System32\KILLAPPS.EXE
[08/07/2008 03:35 PM | 00,053,248 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\AC3API.DLL
[08/07/2008 03:35 PM | 00,053,932 | ---- | C] () - C:\WINDOWS\System32\ctdaught.dat
[08/07/2008 03:35 PM | 00,057,344 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTAGENT.DLL
[08/07/2008 03:35 PM | 00,065,536 | ---- | C] ( ) - C:\WINDOWS\System32\a3d.dll
[08/07/2008 03:35 PM | 00,069,632 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\ctcoinst.dll
[08/07/2008 03:35 PM | 00,077,824 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\EAXAC3.DLL
[08/07/2008 03:35 PM | 00,077,824 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctdvda32.dll
[08/07/2008 03:35 PM | 00,106,496 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTTHXCAL.DLL
[08/07/2008 03:35 PM | 00,110,592 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDPROXY.DLL
[08/07/2008 03:35 PM | 00,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
[08/07/2008 03:35 PM | 00,112,411 | ---- | C] () - C:\WINDOWS\System32\CTBASICW.DAT
[08/07/2008 03:35 PM | 00,114,688 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\commonfx.dll
[08/07/2008 03:35 PM | 00,114,688 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\PIAPROXY.DLL
[08/07/2008 03:35 PM | 00,118,784 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSCAL.DLL
[08/07/2008 03:35 PM | 00,126,976 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTASIO.DLL
[08/07/2008 03:35 PM | 00,139,264 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDCIFCE.DLL
[08/07/2008 03:35 PM | 00,140,643 | ---- | C] () - C:\WINDOWS\System32\ctbas2w.dat
[08/07/2008 03:35 PM | 00,143,360 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\ctdvinst.dll
[08/07/2008 03:35 PM | 00,159,744 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTOSUSER.DLL
[08/07/2008 03:35 PM | 00,172,032 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\SFMS32.DLL
[08/07/2008 03:35 PM | 00,217,272 | ---- | C] () - C:\WINDOWS\System32\ctdlang.dat
[08/07/2008 03:35 PM | 00,230,201 | ---- | C] () - C:\WINDOWS\System32\CTSBASW.DAT
[08/07/2008 03:35 PM | 00,264,466 | ---- | C] () - C:\WINDOWS\System32\ctsbas2w.dat
[08/07/2008 03:35 PM | 00,298,971 | ---- | C] () - C:\WINDOWS\System32\ctstatic.dat
[08/07/2008 03:35 PM | 00,327,680 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDC0000.DLL
[08/07/2008 03:35 PM | 00,466,944 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDC0001.DLL
[08/07/2008 03:35 PM | 00,585,728 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctaudfx.dll
[08/07/2008 03:35 PM | 00,606,208 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctsblfx.dll
[08/07/2008 03:35 PM | 01,048,576 | ---- | C] () - C:\WINDOWS\System32\CT1MGM.ROM
[08/07/2008 03:35 PM | 02,167,684 | ---- | C] () - C:\WINDOWS\System32\CT2MGM.SF2
[08/07/2008 03:35 PM | 02,259,067 | ---- | C] () - C:\WINDOWS\System32\DEFAULT.ECW
[08/07/2008 03:35 PM | 04,174,814 | ---- | C] () - C:\WINDOWS\System32\CT4MGM.SF2
[08/07/2008 03:36 PM | 00,000,175 | ---- | C] () - C:\WINDOWS\System32\ctzapxx.ini
[08/07/2008 03:36 PM | 00,014,336 | ---- | C] () - C:\WINDOWS\System32\msdmo.dll
[08/07/2008 03:36 PM | 00,033,280 | ---- | C] () - C:\WINDOWS\System32\psisrndr.ax
[08/07/2008 03:36 PM | 00,035,328 | ---- | C] () - C:\WINDOWS\System32\mciqtz32.dll
[08/07/2008 03:36 PM | 00,043,517 | ---- | C] () - C:\WINDOWS\System32\e10kxwdm.ini
[08/07/2008 03:36 PM | 00,054,784 | ---- | C] (Blue Sky Software Corporation.) - C:\WINDOWS\System32\INETWH32.DLL
[08/07/2008 03:36 PM | 00,056,832 | ---- | C] () - C:\WINDOWS\System32\msdvbnp.ax
[08/07/2008 03:36 PM | 00,059,904 | ---- | C] () - C:\WINDOWS\System32\devenum.dll
[08/07/2008 03:36 PM | 00,070,656 | ---- | C] () - C:\WINDOWS\System32\amstream.dll
[08/07/2008 03:36 PM | 00,082,432 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTWFLT32.DLL
[08/07/2008 03:36 PM | 00,084,992 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\SFCVRT32.DLL
[08/07/2008 03:36 PM | 00,118,272 | ---- | C] () - C:\WINDOWS\System32\mpeg2data.ax
[08/07/2008 03:36 PM | 00,148,992 | ---- | C] () - C:\WINDOWS\System32\mpg2splt.ax
[08/07/2008 03:36 PM | 00,192,512 | ---- | C] () - C:\WINDOWS\System32\qcap.dll
[08/07/2008 03:36 PM | 00,279,040 | ---- | C] () - C:\WINDOWS\System32\qdv.dll
[08/07/2008 03:36 PM | 00,363,520 | ---- | C] () - C:\WINDOWS\System32\psisdecd.dll
[08/07/2008 03:36 PM | 00,386,048 | ---- | C] () - C:\WINDOWS\System32\qdvd.dll
[08/07/2008 03:36 PM | 00,562,176 | ---- | C] () - C:\WINDOWS\System32\qedit.dll
[08/07/2008 03:36 PM | 00,733,696 | ---- | C] () - C:\WINDOWS\System32\qedwipes.dll
[08/07/2008 03:36 PM | 01,048,576 | ---- | C] () - C:\WINDOWS\System32\SFMAN.DAT
[08/07/2008 03:36 PM | 01,288,192 | ---- | C] () - C:\WINDOWS\System32\quartz.dll
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\System32\Data
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\System32\Defaults
[08/07/2008 03:37 PM | 01,746,360 | ---- | C] () - C:\WINDOWS\System32\CTAA1.DAT
[08/07/2008 03:38 PM | 00,000,384 | ---- | C] () - C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/07/2008 03:38 PM | 00,000,384 | ---- | C] () - C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/07/2008 03:38 PM | 00,001,080 | ---- | C] () - C:\WINDOWS\System32\settings.sfm
[08/07/2008 03:38 PM | 00,001,080 | ---- | C] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/07/2008 03:38 PM | 00,030,528 | ---- | C] () - C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,030,528 | ---- | C] () - C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,031,056 | ---- | C] () - C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,031,056 | ---- | C] () - C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:40 PM | 00,011,815 | ---- | C] () - C:\WINDOWS\System32\CTHELPER.RPT
[08/07/2008 03:41 PM | 00,069,632 | ---- | C] (Razer Inc.) - C:\WINDOWS\System32\razer.cpl
[08/07/2008 03:53 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/07/2008 03:53 PM | ---D | C] - C:\WINDOWS\System32\PreInstall
[08/07/2008 04:05 PM | 00,004,569 | ---- | C] () - C:\WINDOWS\System32\secupd.dat
[08/07/2008 04:05 PM | 00,007,208 | ---- | C] () - C:\WINDOWS\System32\secupd.sig
[08/07/2008 04:10 PM | 00,186,407 | ---- | C] () - C:\WINDOWS\System32\nvapps.nvb
[08/07/2008 04:41 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/07/2008 04:49 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/07/2008 04:52 PM | ---D | C] - C:\WINDOWS\System32\en
[08/07/2008 04:53 PM | ---D | C] - C:\WINDOWS\System32\en-us
[08/07/2008 04:53 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/07/2008 04:55 PM | 00,278,528 | ---- | C] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 05:06 PM | ---D | C] - C:\WINDOWS\System32\LogFiles
[08/07/2008 05:22 PM | 00,225,280 | ---- | C] (Propellerhead Software AB) - C:\WINDOWS\System32\rewire.dll
[08/07/2008 05:22 PM | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) - C:\WINDOWS\System32\vorbis.acm
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1025
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1028
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1031
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1033
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1037
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1041
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1042
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1054
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\2052
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\3076
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\3com_dmi
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\config
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\dhcp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\export
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ias
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\icsxml
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\IME
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\inetsrv
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\mui
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\npp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\oobe
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ras
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\Setup
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ShellExt
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\spool
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\usmt
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\wbem
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\wins
[08/07/2008 09:54 AM | RHSD | C] - C:\WINDOWS\System32\dllcache
[08/07/2008 09:56 AM | 00,000,261 | ---- | C] () - C:\WINDOWS\System32\$winnt$.inf
[08/07/2008 09:57 AM | 01,393,864 | ---- | C] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/07/2008 09:57 AM | ---D | C] - C:\WINDOWS\System32\CatRoot
[08/07/2008 09:57 AM | ---D | C] - C:\WINDOWS\System32\CatRoot2
[08/07/2008 09:58 AM | 00,001,688 | ---- | C] () - C:\WINDOWS\System32\AUTOEXEC.NT
[08/07/2008 09:58 AM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\spxcoins.dll
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28594.NLS
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28595.NLS
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28597.NLS
[08/07/2008 09:58 AM | 00,356,120 | ---- | C] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/12/2008 05:07 PM | 00,042,320 | ---- | C] () - C:\WINDOWS\System32\xfcodec.dll
[08/18/2008 10:47 PM | 00,066,872 | ---- | C] () - C:\WINDOWS\System32\PnkBstrA.exe
[08/18/2008 10:48 PM | 00,111,928 | ---- | C] () - C:\WINDOWS\System32\PnkBstrB.exe
[08/21/2008 03:14 PM | ---D | C] - C:\WINDOWS\System32\SoftwareDistribution
[08/28/2008 06:20 PM | 00,413,696 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/29/2008 09:09 AM | 01,335,090 | -HS- | C] () - C:\WINDOWS\System32\nrnywrdn.ini
[5 C:\WINDOWS\*.tmp files]
[08/07/2008 03:05 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\desktop.ini
[08/07/2008 03:05 PM | 00,000,036 | ---- | C] () - C:\WINDOWS\vb.ini
[08/07/2008 03:05 PM | 00,000,037 | ---- | C] () - C:\WINDOWS\vbaddin.ini
[08/07/2008 03:05 PM | 00,001,272 | ---- | C] () - C:\WINDOWS\Blue Lace 16.bmp
[08/07/2008 03:05 PM | 00,009,522 | ---- | C] () - C:\WINDOWS\Zapotec.bmp
[08/07/2008 03:05 PM | 00,016,730 | ---- | C] () - C:\WINDOWS\FeatherTexture.bmp
[08/07/2008 03:05 PM | 00,017,062 | ---- | C] () - C:\WINDOWS\Coffee Bean.bmp
[08/07/2008 03:05 PM | 00,017,336 | ---- | C] () - C:\WINDOWS\Gone Fishing.bmp
[08/07/2008 03:05 PM | 00,017,362 | ---- | C] () - C:\WINDOWS\Rhododendron.bmp
[08/07/2008 03:05 PM | 00,026,582 | ---- | C] () - C:\WINDOWS\Greenstone.bmp
[08/07/2008 03:05 PM | 00,026,680 | ---- | C] () - C:\WINDOWS\River Sumida.bmp
[08/07/2008 03:05 PM | 00,048,680 | -HS- | C] () - C:\WINDOWS\winnt.bmp
[08/07/2008 03:05 PM | 00,048,680 | -HS- | C] () - C:\WINDOWS\winnt256.bmp
[08/07/2008 03:05 PM | 00,065,832 | ---- | C] () - C:\WINDOWS\Santa Fe Stucco.bmp
[08/07/2008 03:05 PM | 00,065,954 | ---- | C] () - C:\WINDOWS\Prairie Wind.bmp
[08/07/2008 03:05 PM | 00,065,978 | ---- | C] () - C:\WINDOWS\Soap Bubbles.bmp
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\PCHealth
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\Registration
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\srchasst
[08/07/2008 03:05 PM | --SD | C] - C:\WINDOWS\Tasks
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\control.ini
[08/07/2008 03:06 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\WindowsShell.Manifest
[08/07/2008 03:06 PM | 00,299,552 | ---- | C] () - C:\WINDOWS\WMSysPrx.prx
[08/07/2008 03:06 PM | R--D | C] - C:\WINDOWS\Offline Web Pages
[08/07/2008 03:06 PM | --SD | C] - C:\WINDOWS\Downloaded Program Files
[08/07/2008 03:08 PM | 00,002,048 | --S- | C] () - C:\WINDOWS\bootstat.dat
[08/07/2008 03:22 PM | 00,008,192 | ---- | C] () - C:\WINDOWS\REGLOCS.OLD
[08/07/2008 03:23 PM | -HSD | C] - C:\WINDOWS\Installer
[08/07/2008 03:25 PM | 00,015,600 | ---- | C] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
[08/07/2008 03:27 PM | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) - C:\WINDOWS\alcwzrd.exe
[08/07/2008 03:28 PM | ---D | C] - C:\WINDOWS\OPTIONS
[08/07/2008 03:31 PM | ---D | C] - C:\WINDOWS\nview
[08/07/2008 03:33 PM | 00,000,099 | ---- | C] () - C:\WINDOWS\È
[08/07/2008 03:34 PM | 00,000,136 | ---- | C] () - C:\WINDOWS\SBWIN.INI
[08/07/2008 03:34 PM | 00,316,640 | ---- | C] () - C:\WINDOWS\WMSysPr9.prx
[08/07/2008 03:35 PM | 00,049,152 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\MIDIDEF.EXE
[08/07/2008 03:35 PM | 00,094,208 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\DEVREG.DLL
[08/07/2008 03:35 PM | 00,180,224 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\READREG.EXE
[08/07/2008 03:35 PM | 00,184,320 | ---- | C] () - C:\WINDOWS\PSCONV.EXE
[08/07/2008 03:35 PM | 03,382,863 | ---- | C] () - C:\WINDOWS\CTDV10K1.CDF
[08/07/2008 03:35 PM | 03,735,544 | ---- | C] () - C:\WINDOWS\CTDV10K2.CDF
[08/07/2008 03:35 PM | 04,932,148 | ---- | C] () - C:\WINDOWS\CTDVAUDY.CDF
[08/07/2008 03:36 PM | 00,000,231 | ---- | C] () - C:\WINDOWS\AC3API.INI
[08/07/2008 03:36 PM | 00,020,480 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\INRES.DLL
[08/07/2008 03:36 PM | 00,024,976 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\CTRES.DLL
[08/07/2008 03:36 PM | 00,049,152 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\CTDCRES.DLL
[08/07/2008 03:36 PM | 00,053,552 | ---- | C] (Creative® Technology Ltd.) - C:\WINDOWS\CTCCW.DLL
[08/07/2008 03:36 PM | 00,090,112 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\Updreg.EXE
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\RegisteredPackages
[08/07/2008 03:38 PM | 00,041,984 | ---- | C] (Creative Technology Ltd ) - C:\WINDOWS\Ctregrun.exe
[08/07/2008 03:40 PM | 04,933,048 | ---- | C] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.BAK
[08/07/2008 03:40 PM | 04,933,048 | ---- | C] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.CDF
[08/07/2008 03:51 PM | ---D | C] - C:\WINDOWS\SoftwareDistribution
[08/07/2008 03:53 PM | -H-D | C] - C:\WINDOWS\$hf_mig$
[08/07/2008 03:53 PM | -H-D | C] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/07/2008 04:03 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\nsreg.dat
[08/07/2008 04:06 PM | ---D | C] - C:\WINDOWS\EHome
[08/07/2008 04:06 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\peernet
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\provisioning
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/07/2008 04:10 PM | ---D | C] - C:\WINDOWS\NV36602076.TMP
[08/07/2008 04:48 PM | ---D | C] - C:\WINDOWS\network diagnostic
[08/07/2008 04:52 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/07/2008 05:00 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\addins
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\AppPatch
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Config
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Connection Wizard
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Cursors
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Debug
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Driver Cache
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Help
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\ime
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\java
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Media
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\msagent
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\msapps
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\mui
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\repair
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Resources
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\security
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\system
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\system32
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Temp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\twain_32
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\WinSxS
[08/07/2008 09:54 AM | -H-D | C] - C:\WINDOWS\inf
[08/07/2008 09:54 AM | R--D | C] - C:\WINDOWS\Web
[08/07/2008 09:54 AM | R-SD | C] - C:\WINDOWS\Fonts
[08/07/2008 09:58 AM | 00,001,374 | ---- | C] () - C:\WINDOWS\imsins.BAK
[08/07/2008 09:58 AM | 00,004,161 | ---- | C] () - C:\WINDOWS\ODBCINST.INI
[08/14/2008 09:13 PM | 00,000,025 | ---- | C] () - C:\WINDOWS\cdplayer.ini
[08/28/2008 06:20 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\SwSys1.bmp
[08/28/2008 06:20 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\SwSys2.bmp
[08/29/2008 04:12 AM | 00,000,095 | ---- | C] () - C:\WINDOWS\wininit.ini
[08/29/2008 07:31 AM | ---D | C] - C:\WINDOWS\ERUNT
[08/07/2008 03:05 PM | 00,000,065 | RH-- | C] () - C:\WINDOWS\tasks\desktop.ini
[08/07/2008 03:06 PM | 00,000,006 | -H-- | C] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 03:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[08/07/2008 04:13 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/07/2008 04:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\avg8
[08/07/2008 09:57 AM | --SD | C] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/07/2008 09:58 AM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
[08/08/2008 04:54 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/25/2008 03:19 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\FLEXnet
[08/29/2008 02:55 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
[08/29/2008 08:53 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/07/2008 03:23 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\Application Data\desktop.ini
[08/07/2008 03:23 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Identities
[08/07/2008 03:23 PM | --SD | C] - C:\Documents and Settings\AmerikanMade\Application Data\Microsoft
[08/07/2008 03:28 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\InstallShield
[08/07/2008 03:36 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Creative
[08/07/2008 04:03 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Mozilla
[08/07/2008 04:07 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Adobe
[08/07/2008 04:07 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Macromedia
[08/07/2008 04:25 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Winamp
[08/07/2008 04:55 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Real
[08/07/2008 05:20 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\WinRAR
[08/08/2008 03:00 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\uTorrent
[08/08/2008 08:59 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\vlc
[08/09/2008 02:25 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\DAEMON Tools
[08/12/2008 12:27 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Ventrilo
[08/18/2008 10:37 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\InstallShield Installation Information
[08/19/2008 08:02 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Xfire
[08/29/2008 08:53 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Malwarebytes
[08/07/2008 03:23 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Microsoft
[08/07/2008 04:03 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Mozilla
[08/07/2008 04:20 PM | 00,013,104 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/07/2008 04:58 PM | 05,348,338 | -H-- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\IconCache.db
[08/08/2008 04:56 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Adobe
[08/08/2008 08:57 AM | 00,041,472 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2008 03:04 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Videos
[08/07/2008 03:05 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Music
[08/07/2008 03:05 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Pictures
[08/07/2008 09:58 AM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Documents\desktop.ini
[08/28/2008 06:20 PM | 00,002,621 | ---- | C] () - C:\Documents and Settings\All Users\Documents\Global.sw2
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Config
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Fonts
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Softwrap
[08/07/2008 03:23 PM | 00,000,083 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\My Documents\desktop.ini
[08/07/2008 03:23 PM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Music
[08/07/2008 03:23 PM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Pictures
[08/07/2008 04:04 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Downloads
[08/07/2008 04:42 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Received Files
[08/07/2008 04:43 PM | 00,000,581 | ---- | C] () - C:\Documents and Settings\AmerikanMade\My Documents\My Sharing Folders.lnk
[08/09/2008 02:57 AM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Videos
[08/18/2008 10:39 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Battlefield 2 Demo
[08/28/2008 01:42 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Sprocket
[08/29/2008 02:59 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Battlefield 2
[09/01/2008 04:01 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Bears Pics
[08/07/2008 03:35 PM | 00,001,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Getting Started Demo.lnk
[08/07/2008 03:38 PM | 00,001,940 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[08/07/2008 04:25 PM | 00,000,664 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[08/07/2008 04:41 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/07/2008 04:49 PM | 00,001,507 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/08/2008 04:54 AM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/08/2008 04:55 AM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/12/2008 12:26 AM | 00,000,630 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[08/19/2008 08:02 PM | 00,000,638 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/28/2008 06:20 PM | 00,000,856 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Launch ArmA.lnk
[08/29/2008 01:02 AM | 00,001,723 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/29/2008 01:02 AM | 00,001,745 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/29/2008 08:53 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/07/2008 03:36 PM | 00,000,185 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Free AOL & Unlimited Internet.url
[08/07/2008 05:22 PM | 00,000,703 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Off-Line Settings.lnk
[08/07/2008 05:22 PM | 00,000,792 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\FL Studio 8.lnk
[08/07/2008 05:22 PM | 00,000,813 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[08/07/2008 08:19 PM | 00,000,667 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to Launcher.lnk
[08/08/2008 03:00 AM | 00,000,630 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\µTorrent.lnk
[08/08/2008 12:40 PM | 00,000,759 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2.lnk
[08/09/2008 03:29 AM | 00,000,962 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2_retrofit.lnk
[08/12/2008 02:35 AM | 00,001,789 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Ultimate AI.lnk
[08/18/2008 10:38 PM | 00,001,768 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Battlefield 2 Demo.lnk
[08/29/2008 05:26 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\HijackThis.lnk
[08/07/2008 09:58 AM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:23 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\MSSoap
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\Services
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\System
[08/07/2008 03:27 PM | ---D | C] - C:\Program Files\Common Files\InstallShield
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Common Files\Real
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Common Files\xing shared
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\Microsoft Shared
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\ODBC
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\SpeechEngines
[08/08/2008 04:54 AM | ---D | C] - C:\Program Files\Common Files\Adobe
[08/08/2008 04:55 AM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/12/2008 12:25 AM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08/25/2008 03:00 AM | ---D | C] - C:\Program Files\Common Files\Macrovision Shared
[08/07/2008 03:04 PM | ---D | C] - C:\Program Files\MSN
[08/07/2008 03:04 PM | ---D | C] - C:\Program Files\Windows NT
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\ComPlus Applications
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Internet Explorer
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Messenger
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Movie Maker
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\MSN Gaming Zone
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\NetMeeting
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Online Services
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Outlook Express
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Windows Media Player
[08/07/2008 03:05 PM | -H-D | C] - C:\Program Files\WindowsUpdate
[08/07/2008 03:07 PM | ---D | C] - C:\Program Files\microsoft frontpage
[08/07/2008 03:07 PM | ---D | C] - C:\Program Files\xerox
[08/07/2008 03:23 PM | -H-D | C] - C:\Program Files\Uninstall Information
[08/07/2008 03:26 PM | ---D | C] - C:\Program Files\Intel
[08/07/2008 03:27 PM | ---D | C] - C:\Program Files\Realtek
[08/07/2008 03:27 PM | -H-D | C] - C:\Program Files\InstallShield Installation Information
[08/07/2008 03:33 PM | ---D | C] - C:\Program Files\Creative
[08/07/2008 03:41 PM | ---D | C] - C:\Program Files\Razer
[08/07/2008 04:03 PM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/07/2008 04:13 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/07/2008 04:22 PM | ---D | C] - C:\Program Files\WinRAR
[08/07/2008 04:25 PM | ---D | C] - C:\Program Files\Winamp
[08/07/2008 04:41 PM | ---D | C] - C:\Program Files\MSN Messenger
[08/07/2008 04:49 PM | ---D | C] - C:\Program Files\AVG
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Real
[08/07/2008 05:07 PM | ---D | C] - C:\Program Files\Windows Media Connect 2
[08/07/2008 05:21 PM | ---D | C] - C:\Program Files\Image-Line
[08/07/2008 05:21 PM | ---D | C] - C:\Program Files\Outsim
[08/07/2008 05:22 PM | ---D | C] - C:\Program Files\ASIO4ALL v2
[08/07/2008 05:22 PM | ---D | C] - C:\Program Files\VstPlugins
[08/07/2008 08:13 PM | ---D | C] - C:\Program Files\World of Warcraft
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files
[08/08/2008 02:45 AM | ---D | C] - C:\Program Files\SEGA
[08/08/2008 03:00 AM | ---D | C] - C:\Program Files\uTorrent
[08/08/2008 04:54 AM | ---D | C] - C:\Program Files\Adobe
[08/08/2008 08:59 AM | ---D | C] - C:\Program Files\VideoLAN
[08/09/2008 02:34 AM | ---D | C] - C:\Program Files\DAEMON Tools Lite
[08/12/2008 12:26 AM | ---D | C] - C:\Program Files\Ventrilo
[08/18/2008 10:37 PM | ---D | C] - C:\Program Files\EA GAMES
[08/19/2008 08:02 PM | ---D | C] - C:\Program Files\Xfire
[08/25/2008 03:05 AM | ---D | C] - C:\Program Files\Bonjour
[08/25/2008 03:18 AM | ---D | C] - C:\Program Files\DAMN NFO Viewer
[08/28/2008 06:13 PM | ---D | C] - C:\Program Files\Bohemia Interactive
[08/28/2008 06:20 PM | ---D | C] - C:\Program Files\OpenAL
[08/29/2008 05:26 AM | ---D | C] - C:\Program Files\Trend Micro
[08/29/2008 08:53 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 days ==========
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\CONFIG.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | M] () - C:\IO.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | M] () - C:\MSDOS.SYS
[08/07/2008 04:07 PM | 00,047,564 | RHS- | M] () - C:\NTDETECT.COM
[08/07/2008 04:09 PM | 00,000,211 | RHS- | M] () - C:\boot.ini
[08/07/2008 04:48 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/07/2008 04:49 PM | 06,061,540 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/08/2008 09:35 AM | 00,211,986 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/30/2008 10:21 PM | 00,080,727 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/01/2008 06:15 AM | 26,785,826 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/07/2008 04:15 PM | 00,257,725 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161617.backup
[08/07/2008 04:16 PM | 00,257,725 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080820-113346.backup
[08/20/2008 11:33 AM | 00,260,784 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-030251.backup
[08/29/2008 07:36 AM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-075727.backup
[08/29/2008 07:57 AM | 00,262,036 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/07/2008 05:06 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/07/2008 04:49 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/07/2008 04:49 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/09/2008 02:26 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/28/2008 04:10 AM | 00,139,600 | ---- | M] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys
[08/29/2008 12:38 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[4 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 03:05 PM | 00,021,640 | ---- | M] () - C:\WINDOWS\System32\emptyregdb.dat
[08/07/2008 03:06 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/07/2008 03:08 PM | 00,000,261 | ---- | M] () - C:\WINDOWS\System32\$winnt$.inf
[08/07/2008 03:23 PM | 00,025,065 | ---- | M] () - C:\WINDOWS\System32\wmpscheme.xml
[08/07/2008 03:30 PM | 00,146,650 | ---- | M] () - C:\WINDOWS\System32\BuzzingBee.wav
[08/07/2008 03:30 PM | 00,940,794 | ---- | M] () - C:\WINDOWS\System32\LoopyMusic.wav
[08/07/2008 03:33 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.bak
[08/07/2008 03:35 PM | 00,000,184 | ---- | M] () - C:\WINDOWS\System32\e000001.dat
[08/07/2008 04:49 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/07/2008 04:55 PM | 00,278,528 | ---- | M] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 05:01 PM | 00,040,196 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/07/2008 05:01 PM | 00,311,934 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/07/2008 05:01 PM | 00,356,120 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/07/2008 05:07 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/07/2008 05:07 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[08/12/2008 05:07 PM | 00,042,320 | ---- | M] () - C:\WINDOWS\System32\xfcodec.dll
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\System32\PnkBstrA.exe
[08/27/2008 01:33 AM | 01,393,864 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/28/2008 04:10 AM | 00,111,928 | ---- | M] () - C:\WINDOWS\System32\PnkBstrB.exe
[08/28/2008 06:20 PM | 00,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
[08/28/2008 06:20 PM | 00,413,696 | ---- | M] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/29/2008 09:09 AM | 01,335,090 | -HS- | M] () - C:\WINDOWS\System32\nrnywrdn.ini
[08/29/2008 09:35 AM | 00,000,384 | ---- | M] () - C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/29/2008 09:35 AM | 00,000,384 | ---- | M] () - C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/29/2008 09:35 AM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settings.sfm
[08/29/2008 09:35 AM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/29/2008 09:35 AM | 00,030,528 | ---- | M] () - C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,030,528 | ---- | M] () - C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,031,056 | ---- | M] () - C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,031,056 | ---- | M] () - C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:36 AM | 00,177,091 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/29/2008 09:37 AM | 00,011,815 | ---- | M] () - C:\WINDOWS\System32\CTHELPER.RPT
[08/29/2008 12:36 AM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files]
[08/07/2008 03:05 PM | 00,000,036 | ---- | M] () - C:\WINDOWS\vb.ini
[08/07/2008 03:05 PM | 00,000,037 | ---- | M] () - C:\WINDOWS\vbaddin.ini
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\control.ini
[08/07/2008 03:06 PM | 00,000,749 | RH-- | M] () - C:\WINDOWS\WindowsShell.Manifest
[08/07/2008 03:06 PM | 00,004,161 | ---- | M] () - C:\WINDOWS\ODBCINST.INI
[08/07/2008 03:06 PM | 00,299,552 | ---- | M] () - C:\WINDOWS\WMSysPrx.prx
[08/07/2008 03:22 PM | 00,008,192 | ---- | M] () - C:\WINDOWS\REGLOCS.OLD
[08/07/2008 03:27 PM | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
[08/07/2008 03:37 PM | 00,000,136 | ---- | M] () - C:\WINDOWS\SBWIN.INI
[08/07/2008 03:38 PM | 00,000,099 | ---- | M] () - C:\WINDOWS\È
[08/07/2008 04:03 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/07/2008 05:06 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/07/2008 05:07 PM | 00,000,517 | ---- | M] () - C:\WINDOWS\win.ini
[08/07/2008 09:58 AM | 00,000,231 | ---- | M] () - C:\WINDOWS\system.ini
[08/14/2008 09:13 PM | 00,000,025 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/15/2008 08:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 11:12 PM | 04,933,048 | ---- | M] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.BAK
[08/28/2008 06:20 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\SwSys1.bmp
[08/28/2008 06:20 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\SwSys2.bmp
[08/29/2008 04:12 AM | 00,000,095 | ---- | M] () - C:\WINDOWS\wininit.ini
[08/29/2008 09:35 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/29/2008 09:37 AM | 04,933,048 | ---- | M] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.CDF
[08/29/2008 09:36 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\Application Data\desktop.ini
[08/25/2008 03:49 AM | 00,013,104 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/29/2008 03:46 AM | 05,348,338 | -H-- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\IconCache.db
[08/31/2008 09:09 PM | 00,041,472 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Documents\desktop.ini
[08/28/2008 06:20 PM | 00,002,621 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Global.sw2
[08/07/2008 05:00 PM | 00,000,083 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\My Documents\desktop.ini
[08/30/2008 03:21 AM | 00,000,581 | ---- | M] () - C:\Documents and Settings\AmerikanMade\My Documents\My Sharing Folders.lnk
[08/07/2008 03:35 PM | 00,001,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Getting Started Demo.lnk
[08/07/2008 03:38 PM | 00,001,940 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[08/07/2008 04:25 PM | 00,000,664 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[08/07/2008 04:49 PM | 00,001,507 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/07/2008 05:01 PM | 00,001,736 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/08/2008 04:54 AM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/08/2008 04:55 AM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/12/2008 12:26 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[08/19/2008 08:02 PM | 00,000,638 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/28/2008 06:20 PM | 00,000,856 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Launch ArmA.lnk
[08/29/2008 01:02 AM | 00,001,745 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/29/2008 08:53 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/30/2008 12:37 AM | 00,001,723 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/07/2008 03:36 PM | 00,000,185 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Free AOL & Unlimited Internet.url
[08/07/2008 05:22 PM | 00,000,703 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Off-Line Settings.lnk
[08/07/2008 05:22 PM | 00,000,792 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\FL Studio 8.lnk
[08/07/2008 05:22 PM | 00,000,813 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[08/07/2008 08:19 PM | 00,000,667 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to Launcher.lnk
[08/08/2008 12:40 PM | 00,000,759 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2.lnk
[08/09/2008 03:29 AM | 00,000,962 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2_retrofit.lnk
[08/12/2008 02:35 AM | 00,001,789 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Ultimate AI.lnk
[08/18/2008 10:38 PM | 00,001,768 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Battlefield 2 Demo.lnk
[08/27/2008 03:11 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\µTorrent.lnk
[08/29/2008 05:26 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\HijackThis.lnk
[08/07/2008 03:06 PM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:06 PM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup\desktop.ini
< End of report >
AmerikanMade
2008-09-01, 13:25
Here's Extras.txt
OTViewIt Extras logfile created on: 9/1/2008 6:13:53 AM - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\AmerikanMade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.37% Memory free
3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 79.63 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 152.66 Gb Total Space | 29.82 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Drive E: | 671.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[08/29/2008 12:37 AM | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[08/27/2008 03:11 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[07/02/2008 08:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[08/07/2008 04:55 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2
[06/07/2005 03:24 PM | 06,011,392 | ---- | M] ()
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[08/12/2008 05:07 PM | 03,065,168 | ---- | M] (Xfire Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe" = C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA
[08/28/2008 06:20 PM | 01,216,512 | ---- | M] ()
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[09/26/2006 05:53 PM | 07,574,463 | ---- | M] ()
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" %*
========== Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [02/28/2006 12:42 PM | 00,094,208 | ---- | M] (Apple Computer, Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
========== HKEY_CURRENT_USER Protocol Defaults ==========
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
========== Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
[08/07/2008 04:49 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]
========== Protocol Filters ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"ArmA" = ArmA Uninstall
"ASIO4ALL" = ASIO4ALL
"AVG8Uninstall" = AVG Free 8.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FL Studio 8" = FL Studio 8
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB913433" = Security Update for Windows XP (KB913433)
"KB923689" = Security Update for Windows XP (KB923689)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942763" = Update for Windows XP (KB942763)
"KB946648" = Security Update for Windows XP (KB946648)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"RealPlayer 6.0" = RealPlayer
"Toxic Biohazard" = Toxic Biohazard
"Ultimate AI" = Ultimate AI
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"uTorrent" = µTorrent
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/10/2008 9:51:53 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
uisy3201.dll, version 0.1.1.45, fault address 0x0003a45f.
Error - 8/11/2008 6:48:23 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
rpmn3260.dll, version 6.0.10.44, fault address 0x0005a8f2.
Error - 8/15/2008 5:18:26 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 8/22/2008 7:04:57 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x000d4eef.
Error - 8/23/2008 9:35:16 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Hang
Description = Hanging application realplay.exe, version 11.0.0.453, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/23/2008 9:57:33 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.
Error - 8/24/2008 10:09:21 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/25/2008 3:58:37 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/25/2008 11:18:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/29/2008 8:18:49 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Spybot - Search & Destroy
Description =
[ Security Events ]
[ System Events ]
Error - 8/29/2008 12:31:12 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 8/30/2008 5:32:45 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 8/30/2008 5:33:20 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 8/30/2008 6:03:51 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Schannel
Description = The certificate received from the remote server has expired. The SSL
connection request has failed. The attached data contains the server certificate.
< End of report >
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
C:\Documents and Settings\AmerikanMade\Application Data\uTorrent
C:\Program Files\uTorrent\
Empty Recycle Bin.
Please run a new OTViewIt scan when finished and post the log back here.
AmerikanMade
2008-09-02, 00:36
OTViewIT.txt
OTViewIt logfile created on: 9/1/2008 5:34:07 PM - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\AmerikanMade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.68% Memory free
3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 79.15 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
Drive D: | 152.66 Gb Total Space | 29.82 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Drive E: | 671.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEAR-N7E5YNP0TL
Current User Name: AmerikanMade
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
===== Processes - Non-Microsoft Only =====
[08/29/2008 12:38 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[12/13/1999 01:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[08/07/2008 04:49 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgrsx.exe
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe
[09/17/2003 10:43 AM | 00,057,344 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
[06/18/2003 01:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[10/08/2005 04:27 PM | 00,155,648 | ---- | M] () - C:\Program Files\Razer\Copperhead\razerhid.exe
[08/03/2008 06:02 PM | 00,036,352 | ---- | M] () - C:\Program Files\Winamp\winampa.exe
[08/29/2008 12:38 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgtray.exe
[10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd) - C:\Program Files\DAEMON Tools Lite\daemon.exe
[07/22/2005 03:00 PM | 00,147,456 | ---- | M] () - C:\Program Files\Razer\Copperhead\razertra.exe
[07/22/2005 03:02 PM | 00,159,744 | ---- | M] (Razer Inc.) - C:\Program Files\Razer\Copperhead\razerofa.exe
[08/12/2008 05:07 PM | 03,065,168 | ---- | M] (Xfire Inc.) - C:\Program Files\Xfire\xfire.exe
[07/07/2008 09:42 AM | 04,891,472 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
===== Win32 Services - Non-Microsoft Only =====
(avg8emc) AVG Free8 E-mail Scanner [Auto | Running]
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe
(avg8wd) AVG Free8 WatchDog [Auto | Running]
[08/29/2008 12:38 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running]
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running]
[12/13/1999 01:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[08/25/2008 03:00 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(PnkBstrA) PnkBstrA [Auto | Running]
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
===== Driver Services - Non-Microsoft Only =====
(AvgLdx86) AVG Free AVI Loader Driver x86 [System | Running]
[08/29/2008 12:38 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [System | Running]
[08/07/2008 04:49 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys
(AvgTdiX) AVG Free8 Network Redirector [Auto | Running]
[08/07/2008 04:49 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgtdix.sys
(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\AMERIK~1\LOCALS~1\Temp\catchme.sys
(ctac32k) Creative AC3 Software Decoder [On_Demand | Running]
[11/05/2003 01:26 AM | 00,645,392 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctac32k.sys
(ctaud2k) Creative Audio Driver (WDM) [On_Demand | Running]
[11/18/2003 09:13 PM | 00,366,160 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctaud2k.sys
(ctdvda2k) Creative DVD-Audio Device Driver [On_Demand | Stopped]
[10/13/2003 10:17 PM | 00,332,800 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
(ctprxy2k) Creative Proxy Driver [On_Demand | Running]
[10/07/2003 09:08 PM | 00,006,096 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
(ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running]
[10/07/2003 09:09 PM | 00,130,288 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
(emupia) E-mu Plug-in Architecture Driver [On_Demand | Running]
[10/13/2003 04:42 AM | 00,145,488 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\emupia2k.sys
(gdrv) gdrv [On_Demand | Stopped]
[08/07/2008 03:27 PM | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
(ha10kx2k) Creative Hardware Abstract Layer Driver [On_Demand | Running]
[10/21/2003 04:26 AM | 00,904,496 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
(hap16v2k) Creative P16V HAL Driver [On_Demand | Running]
[10/21/2003 04:23 AM | 00,148,432 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\haP16v2k.sys
(ossrv) Creative OS Services Driver [On_Demand | Running]
[10/07/2003 09:06 PM | 00,178,672 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctoss2k.sys
(PfDetNT) PfDetNT [Auto | Running]
[03/05/2003 12:19 PM | 00,015,840 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\PfModNT.sys
(Razerlow) Razer Copperhead Driver [On_Demand | Running]
[08/12/2005 10:11 AM | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) - C:\WINDOWS\system32\drivers\Razerlow.sys
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [On_Demand | Running]
[12/14/2006 03:44 AM | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
(sptd) sptd [Boot | Running]
[08/09/2008 02:26 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
========== Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" = ALCMTR.EXE [05/03/2005 05:43 AM | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [08/29/2008 12:38 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"CTDVDDET" = C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [06/18/2003 01:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd)
"CTHelper" = CTHELPER.EXE [10/06/2003 01:57 AM | 00,024,576 | ---- | M] (Creative Technology Ltd)
"CTSysVol" = C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r [09/17/2003 10:43 AM | 00,057,344 | ---- | M] (Creative Technology Ltd)
"googletalk" = C:\Program Files\Google\Google Talk\googletalk.exe /autostart [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [05/16/2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [05/16/2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [05/16/2008 02:01 PM | 01,630,208 | ---- | M] ()
"razer" = C:\Program Files\Razer\Copperhead\razerhid.exe [10/08/2005 04:27 PM | 00,155,648 | ---- | M] ()
"RTHDCPL" = RTHDCPL.EXE [04/12/2007 04:33 AM | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.)
"SBDrvDet" = C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r [12/03/2002 06:06 PM | 00,045,056 | ---- | M] (Creative Technology Ltd)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [08/07/2008 04:55 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"UpdReg" = C:\WINDOWS\UpdReg.EXE [05/11/2000 01:00 AM | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [08/03/2008 06:02 PM | 00,036,352 | ---- | M] ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [08/08/2008 07:11 AM | 00,490,952 | ---- | M] (DT Soft Ltd)
"RemoteCenter" = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [10/08/2003 04:35 PM | 00,139,264 | ---- | M] (Creative Technology Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
========== Startup Folders ==========
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[AmerikanMade Startup Folder - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup]
[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
========== BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD232F6-9956-45C7-847F-E6AF01862A29}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
========== Toolbars ==========
========== AppInit_Dlls ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"avgrsstx.dll mdxlnm.dll" - File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2B532CC-0605-40D4-9659-54B020ABCEC3}" =
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - File not found C:\WINDOWS\system32\fccbYpQh.dll
========== Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}" = Windows Installer Class
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
"IPC Configuration Utility" = IPC Configuration Utility
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
========== HKLM Security Providers ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
"msapsspc.dll schannel.dll digest.dll msnsspc.dll" - File not found
========== HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
========== User's Winlogon Settings ==========
========== Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbYpQh]
"DllName" = File not found
========== Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
========== Lsa Authentication Packages ==========
========== Lsa Security Packages ==========
========== Desktop Components ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "Privacy Protection"
"Source" = ""
"SubscribedURL" = ""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
========== Safeboot Options ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
========== Disabled MsConfig Items ==========
Unable to open key or key not present!
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
AUTOEXEC.BAT []
[04/23/2008 02:50 AM | 00,000,000 | ---- | M] () D:\AUTOEXEC.BAT [ NTFS ]
Autorun.exe [MZ | ]
[05/22/2005 05:51 PM | 01,187,840 | R--- | M] () E:\Autorun.exe [ CDFS ]
Autorun.inf [[autorun] | icon=BF2.ico | open=Autorun.exe | ]
[05/22/2005 05:51 PM | 00,000,043 | R--- | M] () E:\Autorun.inf [ CDFS ]
autorun []
[05/22/2005 05:51 PM | 01,187,840 | R--- | M] () E:\autorun.exe [ CDFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef9180a4-7401-11dd-bc1b-806d6172696f}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
"" = AutoRun
========== DNS Name Servers ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8CD67773-E4D7-4962-A7FD-FE5599BE8820}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C2300693-818B-416A-8F6C-9040726D1EBC}]
Servers: | Description: 1394 Net Adapter
========== Hosts File ==========
HOSTS File = (262036 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
......continued in next post.
AmerikanMade
2008-09-02, 00:36
========== Files/Folders - Created Within 30 days ==========
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\AUTOEXEC.BAT
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\CONFIG.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | C] () - C:\IO.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | C] () - C:\MSDOS.SYS
[08/07/2008 03:22 PM | -HSD | C] - C:\System Volume Information
[08/07/2008 03:26 PM | ---D | C] - C:\Intel
[08/07/2008 04:10 PM | ---D | C] - C:\NVIDIA
[08/07/2008 05:01 PM | -HSD | C] - C:\Config.Msi
[08/07/2008 05:06 PM | ---D | C] - C:\6967c0f4693cd3a6a2ab
[08/07/2008 05:06 PM | ---D | C] - C:\e3f2084b8a7afd93af503c4e
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS
[08/07/2008 09:56 AM | 00,000,211 | RHS- | C] () - C:\boot.ini
[08/07/2008 09:57 AM | ---D | C] - C:\Documents and Settings
[08/07/2008 09:58 AM | R--D | C] - C:\Program Files
[08/08/2008 02:55 AM | -HSD | C] - C:\RECYCLER
[08/08/2008 08:04 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/29/2008 07:26 AM | ---D | C] - C:\SDFix
[08/29/2008 09:40 AM | ---D | C] - C:\rsit
[08/07/2008 03:05 PM | 00,000,984 | ---- | C] () - C:\WINDOWS\System32\dllcache\srframe.mmf
[08/07/2008 03:06 PM | 04,399,505 | ---- | C] () - C:\WINDOWS\System32\dllcache\nls302en.lex
[08/07/2008 03:07 PM | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esucmd.dll
[08/07/2008 03:07 PM | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esunid.dll
[08/07/2008 03:07 PM | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) - C:\WINDOWS\System32\dllcache\cap7146.sys
[08/07/2008 03:07 PM | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuimgd.dll
[08/07/2008 03:07 PM | 00,059,392 | ---- | C] () - C:\WINDOWS\System32\dllcache\imscinst.exe
[08/07/2008 03:07 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia001.dll
[08/07/2008 03:07 PM | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia330.dll
[08/07/2008 03:07 PM | 00,108,827 | ---- | C] () - C:\WINDOWS\System32\dllcache\hanja.lex
[08/07/2008 03:07 PM | 00,134,339 | ---- | C] () - C:\WINDOWS\System32\dllcache\imekr.lex
[08/07/2008 03:07 PM | 00,173,568 | ---- | C] () - C:\WINDOWS\System32\dllcache\chtskf.dll
[08/07/2008 03:07 PM | 00,175,104 | ---- | C] () - C:\WINDOWS\System32\dllcache\pintlcsa.dll
[08/07/2008 03:07 PM | 00,196,665 | ---- | C] () - C:\WINDOWS\System32\dllcache\imjpinst.exe
[08/07/2008 03:07 PM | 01,158,818 | ---- | C] () - C:\WINDOWS\System32\dllcache\korwbrkr.lex
[08/07/2008 03:07 PM | 13,463,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\hwxjpn.dll
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\dllcache\sfman32.dll
[08/07/2008 04:40 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/07/2008 04:40 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/07/2008 04:40 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/07/2008 04:40 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/07/2008 04:40 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/07/2008 04:40 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/07/2008 04:40 PM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js
[08/07/2008 04:40 PM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm
[08/07/2008 04:40 PM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css
[08/07/2008 04:40 PM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz
[08/07/2008 04:40 PM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv
[08/07/2008 04:40 PM | 00,498,742 | ---- | C] () - C:\WINDOWS\System32\dllcache\dxmasf.dll
[08/07/2008 04:41 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/07/2008 04:41 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/07/2008 04:41 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/07/2008 04:41 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/07/2008 04:41 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/07/2008 04:41 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/07/2008 04:41 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/07/2008 04:41 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/07/2008 04:41 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/07/2008 04:41 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/07/2008 04:41 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/07/2008 04:41 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/07/2008 04:41 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/07/2008 04:41 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/07/2008 04:41 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/07/2008 04:41 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/07/2008 04:41 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/07/2008 04:41 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/07/2008 04:41 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/07/2008 04:41 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/07/2008 04:41 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/07/2008 04:41 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/07/2008 04:41 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/07/2008 04:41 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/07/2008 04:41 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/07/2008 04:41 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/07/2008 04:41 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/07/2008 04:41 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/07/2008 04:41 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/07/2008 04:41 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/07/2008 04:41 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/07/2008 04:41 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/07/2008 04:41 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/07/2008 04:41 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/07/2008 04:41 PM | 00,004,126 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdxmlc.dll
[08/07/2008 04:41 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/07/2008 04:41 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/07/2008 04:41 PM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif
[08/07/2008 04:41 PM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js
[08/07/2008 04:41 PM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif
[08/07/2008 04:41 PM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif
[08/07/2008 04:41 PM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf
[08/07/2008 04:41 PM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif
[08/07/2008 04:41 PM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif
[08/07/2008 04:41 PM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif
[08/07/2008 04:41 PM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif
[08/07/2008 04:41 PM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta
[08/07/2008 04:41 PM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf
[08/07/2008 04:41 PM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif
[08/07/2008 04:41 PM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf
[08/07/2008 04:41 PM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip
[08/07/2008 04:41 PM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm
[08/07/2008 04:41 PM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif
[08/07/2008 04:41 PM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf
[08/07/2008 04:41 PM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz
[08/07/2008 04:41 PM | 00,069,612 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm
[08/07/2008 04:41 PM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm
[08/07/2008 04:41 PM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm
[08/07/2008 04:41 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav
[08/07/2008 04:41 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav
[08/07/2008 04:41 PM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav
[08/07/2008 04:41 PM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav
[08/07/2008 04:41 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav
[08/07/2008 04:41 PM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm
[08/07/2008 04:41 PM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv
[08/07/2008 04:41 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav
[08/07/2008 04:41 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav
[08/07/2008 04:41 PM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav
[08/07/2008 04:41 PM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv
[08/07/2008 04:41 PM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv
[08/07/2008 04:41 PM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv
[08/07/2008 04:41 PM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm
[08/07/2008 04:41 PM | 00,844,314 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdxm.ocx
[08/07/2008 09:58 AM | 00,000,888 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.sdf
[08/07/2008 09:58 AM | 00,007,382 | ---- | C] () - C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[08/07/2008 09:58 AM | 00,008,574 | ---- | C] () - C:\WINDOWS\System32\dllcache\IASNT4.CAT
[08/07/2008 09:58 AM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\dllcache\spxcoins.dll
[08/07/2008 09:58 AM | 00,037,484 | ---- | C] () - C:\WINDOWS\System32\dllcache\MW770.CAT
[08/07/2008 09:58 AM | 00,399,645 | ---- | C] () - C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[08/07/2008 09:58 AM | 00,605,050 | ---- | C] () - C:\WINDOWS\System32\dllcache\r1033tts.lxa
[08/07/2008 09:58 AM | 00,643,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\ltts1033.lxa
[08/07/2008 09:58 AM | 00,797,189 | ---- | C] () - C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[08/07/2008 09:58 AM | 01,685,606 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.spd
[08/07/2008 04:49 PM | 00,080,727 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/07/2008 04:49 PM | 00,211,986 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/07/2008 04:49 PM | 06,061,540 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/07/2008 04:49 PM | 26,785,826 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/07/2008 04:15 PM | 00,000,734 | ---- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161559.backup
[08/07/2008 04:16 PM | 00,257,725 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161617.backup
[08/20/2008 11:33 AM | 00,257,725 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080820-113346.backup
[08/29/2008 03:02 AM | 00,260,784 | R--- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-030251.backup
[08/29/2008 07:57 AM | 00,000,686 | ---- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-075727.backup
[08/07/2008 05:06 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/07/2008 03:28 PM | 00,085,120 | R--- | C] (Realtek Semiconductor Corporation ) - C:\WINDOWS\System32\drivers\Rtnicxp.sys
[08/07/2008 03:35 PM | 00,006,096 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctprxy2k.sys
[08/07/2008 03:35 PM | 00,012,160 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\CTGAME.SYS
[08/07/2008 03:35 PM | 00,015,840 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\PfModNT.sys
[08/07/2008 03:35 PM | 00,130,288 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctsfm2k.sys
[08/07/2008 03:35 PM | 00,145,488 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\emupia2k.sys
[08/07/2008 03:35 PM | 00,148,432 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\haP16v2k.sys
[08/07/2008 03:35 PM | 00,177,456 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\CTOSS9X.SYS
[08/07/2008 03:35 PM | 00,178,672 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\drivers\ctoss2k.sys
[08/07/2008 03:35 PM | 00,332,800 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctdvda2k.sys
[08/07/2008 03:35 PM | 00,366,160 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctaud2k.sys
[08/07/2008 03:35 PM | 00,645,392 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ctac32k.sys
[08/07/2008 03:35 PM | 00,904,496 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\drivers\ha10kx2k.sys
[08/07/2008 03:42 PM | 00,019,020 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) - C:\WINDOWS\System32\drivers\Razerlow.sys
[08/07/2008 03:42 PM | 00,162,900 | ---- | C] (Motorola) - C:\WINDOWS\System32\drivers\USBICP.sys
[08/07/2008 04:05 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/07/2008 04:49 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/07/2008 04:49 PM | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/07/2008 04:49 PM | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[08/07/2008 04:49 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/07/2008 05:06 PM | ---D | C] - C:\WINDOWS\System32\drivers\UMDF
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers\disdn
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers\etc
[08/09/2008 02:26 AM | 00,717,296 | ---- | C] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/18/2008 10:48 PM | 00,139,600 | ---- | C] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys
[4 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 03:04 PM | 00,000,768 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.h
[08/07/2008 03:04 PM | 00,001,161 | ---- | C] () - C:\WINDOWS\System32\usrlogon.cmd
[08/07/2008 03:04 PM | 00,001,931 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.ini
[08/07/2008 03:04 PM | 00,003,286 | ---- | C] () - C:\WINDOWS\System32\tslabels.h
[08/07/2008 03:04 PM | 00,013,223 | ---- | C] () - C:\WINDOWS\System32\tslabels.ini
[08/07/2008 03:04 PM | 00,063,488 | ---- | C] () - C:\WINDOWS\System32\wmimgmt.msc
[08/07/2008 03:04 PM | ---D | C] - C:\WINDOWS\System32\Com
[08/07/2008 03:04 PM | ---D | C] - C:\WINDOWS\System32\MsDtc
[08/07/2008 03:05 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\System32\desktop.ini
[08/07/2008 03:05 PM | 00,021,640 | ---- | C] () - C:\WINDOWS\System32\emptyregdb.dat
[08/07/2008 03:05 PM | 00,032,768 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\isrdbg32.dll
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\System32\Macromed
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\System32\Restore
[08/07/2008 03:06 PM | 00,002,577 | ---- | C] () - C:\WINDOWS\System32\CONFIG.NT
[08/07/2008 03:06 PM | 00,016,832 | ---- | C] () - C:\WINDOWS\System32\amcompat.tlb
[08/07/2008 03:06 PM | 00,023,392 | ---- | C] () - C:\WINDOWS\System32\nscompat.tlb
[08/07/2008 03:06 PM | 00,025,065 | ---- | C] () - C:\WINDOWS\System32\wmpscheme.xml
[08/07/2008 03:06 PM | ---D | C] - C:\WINDOWS\System32\DirectX
[08/07/2008 03:07 PM | ---D | C] - C:\WINDOWS\System32\xircom
[08/07/2008 03:26 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
[08/07/2008 03:26 PM | ---D | C] - C:\WINDOWS\System32\ReinstallBackups
[08/07/2008 03:26 PM | --SD | C] - C:\WINDOWS\System32\Microsoft
[08/07/2008 03:28 PM | 00,049,152 | R--- | C] () - C:\WINDOWS\System32\ChCfg.exe
[08/07/2008 03:28 PM | ---D | C] - C:\WINDOWS\System32\RTCOM
[08/07/2008 03:30 PM | 00,146,650 | ---- | C] () - C:\WINDOWS\System32\BuzzingBee.wav
[08/07/2008 03:30 PM | 00,940,794 | ---- | C] () - C:\WINDOWS\System32\LoopyMusic.wav
[08/07/2008 03:30 PM | ---D | C] - C:\WINDOWS\System32\Lang
[08/07/2008 03:31 PM | 00,018,070 | ---- | C] () - C:\WINDOWS\System32\nvdisp.nvu
[08/07/2008 03:31 PM | 00,177,091 | ---- | C] () - C:\WINDOWS\System32\nvapps.xml
[08/07/2008 03:33 PM | 00,013,646 | ---- | C] () - C:\WINDOWS\System32\wpa.bak
[08/07/2008 03:34 PM | 00,000,641 | ---- | C] () - C:\WINDOWS\System32\CTDetect.cnt
[08/07/2008 03:34 PM | 00,017,350 | ---- | C] () - C:\WINDOWS\System32\CTDetect.hlp
[08/07/2008 03:34 PM | 00,024,576 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTMERes.DLL
[08/07/2008 03:34 PM | 00,025,088 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSVCCTL.EXE
[08/07/2008 03:34 PM | 00,044,032 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSVCCDA.EXE
[08/07/2008 03:34 PM | 00,062,976 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTDetres.dll
[08/07/2008 03:34 PM | 00,139,264 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\Video.skn
[08/07/2008 03:34 PM | 00,331,776 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTMEDENG.DLL
[08/07/2008 03:34 PM | ---D | C] - C:\WINDOWS\System32\Win9X
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT.SFM
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT4.SFM
[08/07/2008 03:35 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\DEFAULT8.SFM
[08/07/2008 03:35 PM | 00,000,184 | ---- | C] () - C:\WINDOWS\System32\e000001.dat
[08/07/2008 03:35 PM | 00,000,194 | ---- | C] () - C:\WINDOWS\System32\KILL.INI
[08/07/2008 03:35 PM | 00,001,912 | ---- | C] () - C:\WINDOWS\System32\Audigy.bmp
[08/07/2008 03:35 PM | 00,005,515 | ---- | C] () - C:\WINDOWS\System32\ENSDEF.INI
[08/07/2008 03:35 PM | 00,006,760 | ---- | C] () - C:\WINDOWS\System32\CTGAME.VXD
[08/07/2008 03:35 PM | 00,007,406 | ---- | C] () - C:\WINDOWS\System32\SBAudigy.ico
[08/07/2008 03:35 PM | 00,012,288 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\AHQCpURes.dll
[08/07/2008 03:35 PM | 00,020,480 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ENSDEF.EXE
[08/07/2008 03:35 PM | 00,024,576 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTHELPER.EXE
[08/07/2008 03:35 PM | 00,028,672 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTMMEP.DLL
[08/07/2008 03:35 PM | 00,032,768 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\AudioHQU.cpl
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] () - C:\WINDOWS\System32\REGPLIB.EXE
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTEMUPIA.DLL
[08/07/2008 03:35 PM | 00,036,864 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\sfman32.dll
[08/07/2008 03:35 PM | 00,045,056 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSPKHLP.DLL
[08/07/2008 03:35 PM | 00,053,248 | ---- | C] ( ) - C:\WINDOWS\System32\KILLAPPS.EXE
[08/07/2008 03:35 PM | 00,053,248 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\AC3API.DLL
[08/07/2008 03:35 PM | 00,053,932 | ---- | C] () - C:\WINDOWS\System32\ctdaught.dat
[08/07/2008 03:35 PM | 00,057,344 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTAGENT.DLL
[08/07/2008 03:35 PM | 00,065,536 | ---- | C] ( ) - C:\WINDOWS\System32\a3d.dll
[08/07/2008 03:35 PM | 00,069,632 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\ctcoinst.dll
[08/07/2008 03:35 PM | 00,077,824 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\EAXAC3.DLL
[08/07/2008 03:35 PM | 00,077,824 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctdvda32.dll
[08/07/2008 03:35 PM | 00,106,496 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTTHXCAL.DLL
[08/07/2008 03:35 PM | 00,110,592 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDPROXY.DLL
[08/07/2008 03:35 PM | 00,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
[08/07/2008 03:35 PM | 00,112,411 | ---- | C] () - C:\WINDOWS\System32\CTBASICW.DAT
[08/07/2008 03:35 PM | 00,114,688 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\commonfx.dll
[08/07/2008 03:35 PM | 00,114,688 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\PIAPROXY.DLL
[08/07/2008 03:35 PM | 00,118,784 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTSCAL.DLL
[08/07/2008 03:35 PM | 00,126,976 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTASIO.DLL
[08/07/2008 03:35 PM | 00,139,264 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDCIFCE.DLL
[08/07/2008 03:35 PM | 00,140,643 | ---- | C] () - C:\WINDOWS\System32\ctbas2w.dat
[08/07/2008 03:35 PM | 00,143,360 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\ctdvinst.dll
[08/07/2008 03:35 PM | 00,159,744 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTOSUSER.DLL
[08/07/2008 03:35 PM | 00,172,032 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\SFMS32.DLL
[08/07/2008 03:35 PM | 00,217,272 | ---- | C] () - C:\WINDOWS\System32\ctdlang.dat
[08/07/2008 03:35 PM | 00,230,201 | ---- | C] () - C:\WINDOWS\System32\CTSBASW.DAT
[08/07/2008 03:35 PM | 00,264,466 | ---- | C] () - C:\WINDOWS\System32\ctsbas2w.dat
[08/07/2008 03:35 PM | 00,298,971 | ---- | C] () - C:\WINDOWS\System32\ctstatic.dat
[08/07/2008 03:35 PM | 00,327,680 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDC0000.DLL
[08/07/2008 03:35 PM | 00,466,944 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\CTDC0001.DLL
[08/07/2008 03:35 PM | 00,585,728 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctaudfx.dll
[08/07/2008 03:35 PM | 00,606,208 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\System32\ctsblfx.dll
[08/07/2008 03:35 PM | 01,048,576 | ---- | C] () - C:\WINDOWS\System32\CT1MGM.ROM
[08/07/2008 03:35 PM | 02,167,684 | ---- | C] () - C:\WINDOWS\System32\CT2MGM.SF2
[08/07/2008 03:35 PM | 02,259,067 | ---- | C] () - C:\WINDOWS\System32\DEFAULT.ECW
[08/07/2008 03:35 PM | 04,174,814 | ---- | C] () - C:\WINDOWS\System32\CT4MGM.SF2
[08/07/2008 03:36 PM | 00,000,175 | ---- | C] () - C:\WINDOWS\System32\ctzapxx.ini
[08/07/2008 03:36 PM | 00,014,336 | ---- | C] () - C:\WINDOWS\System32\msdmo.dll
[08/07/2008 03:36 PM | 00,033,280 | ---- | C] () - C:\WINDOWS\System32\psisrndr.ax
[08/07/2008 03:36 PM | 00,035,328 | ---- | C] () - C:\WINDOWS\System32\mciqtz32.dll
[08/07/2008 03:36 PM | 00,043,517 | ---- | C] () - C:\WINDOWS\System32\e10kxwdm.ini
[08/07/2008 03:36 PM | 00,054,784 | ---- | C] (Blue Sky Software Corporation.) - C:\WINDOWS\System32\INETWH32.DLL
[08/07/2008 03:36 PM | 00,056,832 | ---- | C] () - C:\WINDOWS\System32\msdvbnp.ax
[08/07/2008 03:36 PM | 00,059,904 | ---- | C] () - C:\WINDOWS\System32\devenum.dll
[08/07/2008 03:36 PM | 00,070,656 | ---- | C] () - C:\WINDOWS\System32\amstream.dll
[08/07/2008 03:36 PM | 00,082,432 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\CTWFLT32.DLL
[08/07/2008 03:36 PM | 00,084,992 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\System32\SFCVRT32.DLL
[08/07/2008 03:36 PM | 00,118,272 | ---- | C] () - C:\WINDOWS\System32\mpeg2data.ax
[08/07/2008 03:36 PM | 00,148,992 | ---- | C] () - C:\WINDOWS\System32\mpg2splt.ax
[08/07/2008 03:36 PM | 00,192,512 | ---- | C] () - C:\WINDOWS\System32\qcap.dll
[08/07/2008 03:36 PM | 00,279,040 | ---- | C] () - C:\WINDOWS\System32\qdv.dll
[08/07/2008 03:36 PM | 00,363,520 | ---- | C] () - C:\WINDOWS\System32\psisdecd.dll
[08/07/2008 03:36 PM | 00,386,048 | ---- | C] () - C:\WINDOWS\System32\qdvd.dll
[08/07/2008 03:36 PM | 00,562,176 | ---- | C] () - C:\WINDOWS\System32\qedit.dll
[08/07/2008 03:36 PM | 00,733,696 | ---- | C] () - C:\WINDOWS\System32\qedwipes.dll
[08/07/2008 03:36 PM | 01,048,576 | ---- | C] () - C:\WINDOWS\System32\SFMAN.DAT
[08/07/2008 03:36 PM | 01,288,192 | ---- | C] () - C:\WINDOWS\System32\quartz.dll
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\System32\Data
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\System32\Defaults
[08/07/2008 03:37 PM | 01,746,360 | ---- | C] () - C:\WINDOWS\System32\CTAA1.DAT
[08/07/2008 03:38 PM | 00,000,384 | ---- | C] () - C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/07/2008 03:38 PM | 00,000,384 | ---- | C] () - C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/07/2008 03:38 PM | 00,001,080 | ---- | C] () - C:\WINDOWS\System32\settings.sfm
[08/07/2008 03:38 PM | 00,001,080 | ---- | C] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/07/2008 03:38 PM | 00,030,528 | ---- | C] () - C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,030,528 | ---- | C] () - C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,031,056 | ---- | C] () - C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:38 PM | 00,031,056 | ---- | C] () - C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/07/2008 03:40 PM | 00,011,815 | ---- | C] () - C:\WINDOWS\System32\CTHELPER.RPT
[08/07/2008 03:41 PM | 00,069,632 | ---- | C] (Razer Inc.) - C:\WINDOWS\System32\razer.cpl
[08/07/2008 03:53 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/07/2008 03:53 PM | ---D | C] - C:\WINDOWS\System32\PreInstall
[08/07/2008 04:05 PM | 00,004,569 | ---- | C] () - C:\WINDOWS\System32\secupd.dat
[08/07/2008 04:05 PM | 00,007,208 | ---- | C] () - C:\WINDOWS\System32\secupd.sig
[08/07/2008 04:10 PM | 00,186,407 | ---- | C] () - C:\WINDOWS\System32\nvapps.nvb
[08/07/2008 04:41 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/07/2008 04:49 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/07/2008 04:52 PM | ---D | C] - C:\WINDOWS\System32\en
[08/07/2008 04:53 PM | ---D | C] - C:\WINDOWS\System32\en-us
[08/07/2008 04:53 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/07/2008 04:55 PM | 00,278,528 | ---- | C] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 05:06 PM | ---D | C] - C:\WINDOWS\System32\LogFiles
[08/07/2008 05:22 PM | 00,225,280 | ---- | C] (Propellerhead Software AB) - C:\WINDOWS\System32\rewire.dll
[08/07/2008 05:22 PM | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) - C:\WINDOWS\System32\vorbis.acm
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1025
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1028
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1031
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1033
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1037
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1041
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1042
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\1054
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\2052
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\3076
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\3com_dmi
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\config
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\dhcp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\drivers
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\export
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ias
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\icsxml
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\IME
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\inetsrv
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\mui
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\npp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\oobe
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ras
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\Setup
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\ShellExt
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\spool
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\usmt
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\wbem
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\System32\wins
[08/07/2008 09:54 AM | RHSD | C] - C:\WINDOWS\System32\dllcache
[08/07/2008 09:56 AM | 00,000,261 | ---- | C] () - C:\WINDOWS\System32\$winnt$.inf
[08/07/2008 09:57 AM | 01,393,864 | ---- | C] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/07/2008 09:57 AM | ---D | C] - C:\WINDOWS\System32\CatRoot
[08/07/2008 09:57 AM | ---D | C] - C:\WINDOWS\System32\CatRoot2
[08/07/2008 09:58 AM | 00,001,688 | ---- | C] () - C:\WINDOWS\System32\AUTOEXEC.NT
[08/07/2008 09:58 AM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\spxcoins.dll
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28594.NLS
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28595.NLS
[08/07/2008 09:58 AM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28597.NLS
[08/07/2008 09:58 AM | 00,356,120 | ---- | C] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/12/2008 05:07 PM | 00,042,320 | ---- | C] () - C:\WINDOWS\System32\xfcodec.dll
[08/18/2008 10:47 PM | 00,066,872 | ---- | C] () - C:\WINDOWS\System32\PnkBstrA.exe
[08/18/2008 10:48 PM | 00,111,928 | ---- | C] () - C:\WINDOWS\System32\PnkBstrB.exe
[08/21/2008 03:14 PM | ---D | C] - C:\WINDOWS\System32\SoftwareDistribution
[08/28/2008 06:20 PM | 00,413,696 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/29/2008 09:09 AM | 01,335,090 | -HS- | C] () - C:\WINDOWS\System32\nrnywrdn.ini
[5 C:\WINDOWS\*.tmp files]
[08/07/2008 03:05 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\desktop.ini
[08/07/2008 03:05 PM | 00,000,036 | ---- | C] () - C:\WINDOWS\vb.ini
[08/07/2008 03:05 PM | 00,000,037 | ---- | C] () - C:\WINDOWS\vbaddin.ini
[08/07/2008 03:05 PM | 00,001,272 | ---- | C] () - C:\WINDOWS\Blue Lace 16.bmp
[08/07/2008 03:05 PM | 00,009,522 | ---- | C] () - C:\WINDOWS\Zapotec.bmp
[08/07/2008 03:05 PM | 00,016,730 | ---- | C] () - C:\WINDOWS\FeatherTexture.bmp
[08/07/2008 03:05 PM | 00,017,062 | ---- | C] () - C:\WINDOWS\Coffee Bean.bmp
[08/07/2008 03:05 PM | 00,017,336 | ---- | C] () - C:\WINDOWS\Gone Fishing.bmp
[08/07/2008 03:05 PM | 00,017,362 | ---- | C] () - C:\WINDOWS\Rhododendron.bmp
[08/07/2008 03:05 PM | 00,026,582 | ---- | C] () - C:\WINDOWS\Greenstone.bmp
[08/07/2008 03:05 PM | 00,026,680 | ---- | C] () - C:\WINDOWS\River Sumida.bmp
[08/07/2008 03:05 PM | 00,048,680 | -HS- | C] () - C:\WINDOWS\winnt.bmp
[08/07/2008 03:05 PM | 00,048,680 | -HS- | C] () - C:\WINDOWS\winnt256.bmp
[08/07/2008 03:05 PM | 00,065,832 | ---- | C] () - C:\WINDOWS\Santa Fe Stucco.bmp
[08/07/2008 03:05 PM | 00,065,954 | ---- | C] () - C:\WINDOWS\Prairie Wind.bmp
[08/07/2008 03:05 PM | 00,065,978 | ---- | C] () - C:\WINDOWS\Soap Bubbles.bmp
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\PCHealth
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\Registration
[08/07/2008 03:05 PM | ---D | C] - C:\WINDOWS\srchasst
[08/07/2008 03:05 PM | --SD | C] - C:\WINDOWS\Tasks
[08/07/2008 03:06 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\control.ini
[08/07/2008 03:06 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\WindowsShell.Manifest
[08/07/2008 03:06 PM | 00,299,552 | ---- | C] () - C:\WINDOWS\WMSysPrx.prx
[08/07/2008 03:06 PM | R--D | C] - C:\WINDOWS\Offline Web Pages
[08/07/2008 03:06 PM | --SD | C] - C:\WINDOWS\Downloaded Program Files
[08/07/2008 03:08 PM | 00,002,048 | --S- | C] () - C:\WINDOWS\bootstat.dat
[08/07/2008 03:22 PM | 00,008,192 | ---- | C] () - C:\WINDOWS\REGLOCS.OLD
[08/07/2008 03:23 PM | -HSD | C] - C:\WINDOWS\Installer
[08/07/2008 03:25 PM | 00,015,600 | ---- | C] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
[08/07/2008 03:27 PM | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) - C:\WINDOWS\alcwzrd.exe
[08/07/2008 03:28 PM | ---D | C] - C:\WINDOWS\OPTIONS
[08/07/2008 03:31 PM | ---D | C] - C:\WINDOWS\nview
[08/07/2008 03:33 PM | 00,000,099 | ---- | C] () - C:\WINDOWS\È
[08/07/2008 03:34 PM | 00,000,136 | ---- | C] () - C:\WINDOWS\SBWIN.INI
[08/07/2008 03:34 PM | 00,316,640 | ---- | C] () - C:\WINDOWS\WMSysPr9.prx
[08/07/2008 03:35 PM | 00,049,152 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\MIDIDEF.EXE
[08/07/2008 03:35 PM | 00,094,208 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\DEVREG.DLL
[08/07/2008 03:35 PM | 00,180,224 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\READREG.EXE
[08/07/2008 03:35 PM | 00,184,320 | ---- | C] () - C:\WINDOWS\PSCONV.EXE
[08/07/2008 03:35 PM | 03,382,863 | ---- | C] () - C:\WINDOWS\CTDV10K1.CDF
[08/07/2008 03:35 PM | 03,735,544 | ---- | C] () - C:\WINDOWS\CTDV10K2.CDF
[08/07/2008 03:35 PM | 04,932,148 | ---- | C] () - C:\WINDOWS\CTDVAUDY.CDF
[08/07/2008 03:36 PM | 00,000,231 | ---- | C] () - C:\WINDOWS\AC3API.INI
[08/07/2008 03:36 PM | 00,020,480 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\INRES.DLL
[08/07/2008 03:36 PM | 00,024,976 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\CTRES.DLL
[08/07/2008 03:36 PM | 00,049,152 | ---- | C] (Creative Technology Ltd) - C:\WINDOWS\CTDCRES.DLL
[08/07/2008 03:36 PM | 00,053,552 | ---- | C] (Creative® Technology Ltd.) - C:\WINDOWS\CTCCW.DLL
[08/07/2008 03:36 PM | 00,090,112 | ---- | C] (Creative Technology Ltd.) - C:\WINDOWS\Updreg.EXE
[08/07/2008 03:36 PM | ---D | C] - C:\WINDOWS\RegisteredPackages
[08/07/2008 03:38 PM | 00,041,984 | ---- | C] (Creative Technology Ltd ) - C:\WINDOWS\Ctregrun.exe
[08/07/2008 03:40 PM | 04,933,048 | ---- | C] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.BAK
[08/07/2008 03:40 PM | 04,933,048 | ---- | C] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.CDF
[08/07/2008 03:51 PM | ---D | C] - C:\WINDOWS\SoftwareDistribution
[08/07/2008 03:53 PM | -H-D | C] - C:\WINDOWS\$hf_mig$
[08/07/2008 03:53 PM | -H-D | C] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/07/2008 04:03 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\nsreg.dat
[08/07/2008 04:06 PM | ---D | C] - C:\WINDOWS\EHome
[08/07/2008 04:06 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\peernet
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\provisioning
[08/07/2008 04:08 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/07/2008 04:10 PM | ---D | C] - C:\WINDOWS\NV36602076.TMP
[08/07/2008 04:48 PM | ---D | C] - C:\WINDOWS\network diagnostic
[08/07/2008 04:52 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/07/2008 05:00 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\addins
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\AppPatch
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Config
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Connection Wizard
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Cursors
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Debug
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Driver Cache
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Help
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\ime
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\java
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Media
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\msagent
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\msapps
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\mui
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\repair
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Resources
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\security
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\system
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\system32
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\Temp
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\twain_32
[08/07/2008 09:54 AM | ---D | C] - C:\WINDOWS\WinSxS
[08/07/2008 09:54 AM | -H-D | C] - C:\WINDOWS\inf
[08/07/2008 09:54 AM | R--D | C] - C:\WINDOWS\Web
[08/07/2008 09:54 AM | R-SD | C] - C:\WINDOWS\Fonts
[08/07/2008 09:58 AM | 00,001,374 | ---- | C] () - C:\WINDOWS\imsins.BAK
[08/07/2008 09:58 AM | 00,004,161 | ---- | C] () - C:\WINDOWS\ODBCINST.INI
[08/14/2008 09:13 PM | 00,000,025 | ---- | C] () - C:\WINDOWS\cdplayer.ini
[08/28/2008 06:20 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\SwSys1.bmp
[08/28/2008 06:20 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\SwSys2.bmp
[08/29/2008 04:12 AM | 00,000,095 | ---- | C] () - C:\WINDOWS\wininit.ini
[08/29/2008 07:31 AM | ---D | C] - C:\WINDOWS\ERUNT
[08/07/2008 03:05 PM | 00,000,065 | RH-- | C] () - C:\WINDOWS\tasks\desktop.ini
[08/07/2008 03:06 PM | 00,000,006 | -H-- | C] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 03:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[08/07/2008 04:13 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/07/2008 04:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\avg8
[08/07/2008 09:57 AM | --SD | C] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/07/2008 09:58 AM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
[08/08/2008 04:54 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/25/2008 03:19 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\FLEXnet
[08/29/2008 02:55 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
[08/29/2008 08:53 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/07/2008 03:23 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\Application Data\desktop.ini
[08/07/2008 03:23 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Identities
[08/07/2008 03:23 PM | --SD | C] - C:\Documents and Settings\AmerikanMade\Application Data\Microsoft
[08/07/2008 03:28 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\InstallShield
[08/07/2008 03:36 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Creative
[08/07/2008 04:03 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Mozilla
[08/07/2008 04:07 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Adobe
[08/07/2008 04:07 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Macromedia
[08/07/2008 04:25 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Winamp
[08/07/2008 04:55 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Real
[08/07/2008 05:20 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\WinRAR
[08/08/2008 08:59 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\vlc
[08/09/2008 02:25 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\DAEMON Tools
[08/12/2008 12:27 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Ventrilo
[08/18/2008 10:37 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\InstallShield Installation Information
[08/19/2008 08:02 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Xfire
[08/29/2008 08:53 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Application Data\Malwarebytes
[08/07/2008 03:23 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Microsoft
[08/07/2008 04:03 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Mozilla
[08/07/2008 04:20 PM | 00,013,104 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/07/2008 04:58 PM | 05,348,338 | -H-- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\IconCache.db
[08/08/2008 04:56 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\Adobe
[08/08/2008 08:57 AM | 00,041,472 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2008 03:04 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Videos
[08/07/2008 03:05 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Music
[08/07/2008 03:05 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Pictures
[08/07/2008 09:58 AM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Documents\desktop.ini
[08/28/2008 06:20 PM | 00,002,621 | ---- | C] () - C:\Documents and Settings\All Users\Documents\Global.sw2
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Config
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Fonts
[08/28/2008 06:20 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Softwrap
[08/07/2008 03:23 PM | 00,000,083 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\My Documents\desktop.ini
[08/07/2008 03:23 PM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Music
[08/07/2008 03:23 PM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Pictures
[08/07/2008 04:04 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Downloads
[08/07/2008 04:42 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Received Files
[08/07/2008 04:43 PM | 00,000,581 | ---- | C] () - C:\Documents and Settings\AmerikanMade\My Documents\My Sharing Folders.lnk
[08/09/2008 02:57 AM | R--D | C] - C:\Documents and Settings\AmerikanMade\My Documents\My Videos
[08/18/2008 10:39 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Battlefield 2 Demo
[08/28/2008 01:42 PM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Sprocket
[08/29/2008 02:59 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Battlefield 2
[09/01/2008 04:01 AM | ---D | C] - C:\Documents and Settings\AmerikanMade\My Documents\Bears Pics
[08/07/2008 03:35 PM | 00,001,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Getting Started Demo.lnk
[08/07/2008 03:38 PM | 00,001,940 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[08/07/2008 04:25 PM | 00,000,664 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[08/07/2008 04:41 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/07/2008 04:49 PM | 00,001,507 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/08/2008 04:54 AM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/08/2008 04:55 AM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/12/2008 12:26 AM | 00,000,630 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[08/19/2008 08:02 PM | 00,000,638 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/28/2008 06:20 PM | 00,000,856 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Launch ArmA.lnk
[08/29/2008 01:02 AM | 00,001,723 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/29/2008 01:02 AM | 00,001,745 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/29/2008 08:53 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/07/2008 03:36 PM | 00,000,185 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Free AOL & Unlimited Internet.url
[08/07/2008 05:22 PM | 00,000,703 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Off-Line Settings.lnk
[08/07/2008 05:22 PM | 00,000,792 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\FL Studio 8.lnk
[08/07/2008 05:22 PM | 00,000,813 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[08/07/2008 08:19 PM | 00,000,667 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to Launcher.lnk
[08/08/2008 12:40 PM | 00,000,759 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2.lnk
[08/09/2008 03:29 AM | 00,000,962 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2_retrofit.lnk
[08/12/2008 02:35 AM | 00,001,789 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Ultimate AI.lnk
[08/18/2008 10:38 PM | 00,001,768 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\Battlefield 2 Demo.lnk
[08/29/2008 05:26 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\AmerikanMade\Desktop\HijackThis.lnk
[08/07/2008 09:58 AM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:23 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\MSSoap
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\Services
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Common Files\System
[08/07/2008 03:27 PM | ---D | C] - C:\Program Files\Common Files\InstallShield
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Common Files\Real
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Common Files\xing shared
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\Microsoft Shared
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\ODBC
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files\SpeechEngines
[08/08/2008 04:54 AM | ---D | C] - C:\Program Files\Common Files\Adobe
[08/08/2008 04:55 AM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/12/2008 12:25 AM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08/25/2008 03:00 AM | ---D | C] - C:\Program Files\Common Files\Macrovision Shared
[08/07/2008 03:04 PM | ---D | C] - C:\Program Files\MSN
[08/07/2008 03:04 PM | ---D | C] - C:\Program Files\Windows NT
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\ComPlus Applications
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Internet Explorer
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Messenger
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Movie Maker
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\MSN Gaming Zone
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\NetMeeting
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Online Services
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Outlook Express
[08/07/2008 03:05 PM | ---D | C] - C:\Program Files\Windows Media Player
[08/07/2008 03:05 PM | -H-D | C] - C:\Program Files\WindowsUpdate
[08/07/2008 03:07 PM | ---D | C] - C:\Program Files\microsoft frontpage
[08/07/2008 03:07 PM | ---D | C] - C:\Program Files\xerox
[08/07/2008 03:23 PM | -H-D | C] - C:\Program Files\Uninstall Information
[08/07/2008 03:26 PM | ---D | C] - C:\Program Files\Intel
[08/07/2008 03:27 PM | ---D | C] - C:\Program Files\Realtek
[08/07/2008 03:27 PM | -H-D | C] - C:\Program Files\InstallShield Installation Information
[08/07/2008 03:33 PM | ---D | C] - C:\Program Files\Creative
[08/07/2008 03:41 PM | ---D | C] - C:\Program Files\Razer
[08/07/2008 04:03 PM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/07/2008 04:13 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/07/2008 04:22 PM | ---D | C] - C:\Program Files\WinRAR
[08/07/2008 04:25 PM | ---D | C] - C:\Program Files\Winamp
[08/07/2008 04:41 PM | ---D | C] - C:\Program Files\MSN Messenger
[08/07/2008 04:49 PM | ---D | C] - C:\Program Files\AVG
[08/07/2008 04:55 PM | ---D | C] - C:\Program Files\Real
[08/07/2008 05:07 PM | ---D | C] - C:\Program Files\Windows Media Connect 2
[08/07/2008 05:21 PM | ---D | C] - C:\Program Files\Image-Line
[08/07/2008 05:21 PM | ---D | C] - C:\Program Files\Outsim
[08/07/2008 05:22 PM | ---D | C] - C:\Program Files\ASIO4ALL v2
[08/07/2008 05:22 PM | ---D | C] - C:\Program Files\VstPlugins
[08/07/2008 08:13 PM | ---D | C] - C:\Program Files\World of Warcraft
[08/07/2008 09:58 AM | ---D | C] - C:\Program Files\Common Files
[08/08/2008 02:45 AM | ---D | C] - C:\Program Files\SEGA
[08/08/2008 04:54 AM | ---D | C] - C:\Program Files\Adobe
[08/08/2008 08:59 AM | ---D | C] - C:\Program Files\VideoLAN
[08/09/2008 02:34 AM | ---D | C] - C:\Program Files\DAEMON Tools Lite
[08/12/2008 12:26 AM | ---D | C] - C:\Program Files\Ventrilo
[08/18/2008 10:37 PM | ---D | C] - C:\Program Files\EA GAMES
[08/19/2008 08:02 PM | ---D | C] - C:\Program Files\Xfire
[08/25/2008 03:05 AM | ---D | C] - C:\Program Files\Bonjour
[08/25/2008 03:18 AM | ---D | C] - C:\Program Files\DAMN NFO Viewer
[08/28/2008 06:13 PM | ---D | C] - C:\Program Files\Bohemia Interactive
[08/28/2008 06:20 PM | ---D | C] - C:\Program Files\OpenAL
[08/29/2008 05:26 AM | ---D | C] - C:\Program Files\Trend Micro
[08/29/2008 08:53 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 days ==========
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\CONFIG.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | M] () - C:\IO.SYS
[08/07/2008 03:06 PM | 00,000,000 | RHS- | M] () - C:\MSDOS.SYS
[08/07/2008 04:07 PM | 00,047,564 | RHS- | M] () - C:\NTDETECT.COM
[08/07/2008 04:09 PM | 00,000,211 | RHS- | M] () - C:\boot.ini
[08/07/2008 04:48 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/07/2008 04:49 PM | 06,061,540 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/08/2008 09:35 AM | 00,211,986 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/30/2008 10:21 PM | 00,080,727 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/01/2008 06:15 AM | 26,785,826 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/07/2008 04:15 PM | 00,257,725 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080807-161617.backup
[08/07/2008 04:16 PM | 00,257,725 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080820-113346.backup
[08/20/2008 11:33 AM | 00,260,784 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-030251.backup
[08/29/2008 07:36 AM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080829-075727.backup
[08/29/2008 07:57 AM | 00,262,036 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/07/2008 05:06 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[08/07/2008 04:49 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/07/2008 04:49 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/09/2008 02:26 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/28/2008 04:10 AM | 00,139,600 | ---- | M] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys
[08/29/2008 12:38 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[4 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 03:05 PM | 00,021,640 | ---- | M] () - C:\WINDOWS\System32\emptyregdb.dat
[08/07/2008 03:06 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/07/2008 03:08 PM | 00,000,261 | ---- | M] () - C:\WINDOWS\System32\$winnt$.inf
[08/07/2008 03:23 PM | 00,025,065 | ---- | M] () - C:\WINDOWS\System32\wmpscheme.xml
[08/07/2008 03:30 PM | 00,146,650 | ---- | M] () - C:\WINDOWS\System32\BuzzingBee.wav
[08/07/2008 03:30 PM | 00,940,794 | ---- | M] () - C:\WINDOWS\System32\LoopyMusic.wav
[08/07/2008 03:33 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.bak
[08/07/2008 03:35 PM | 00,000,184 | ---- | M] () - C:\WINDOWS\System32\e000001.dat
[08/07/2008 04:49 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/07/2008 04:55 PM | 00,278,528 | ---- | M] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 05:01 PM | 00,040,196 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/07/2008 05:01 PM | 00,311,934 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/07/2008 05:01 PM | 00,356,120 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/07/2008 05:07 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/07/2008 05:07 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[08/12/2008 05:07 PM | 00,042,320 | ---- | M] () - C:\WINDOWS\System32\xfcodec.dll
[08/18/2008 10:47 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\System32\PnkBstrA.exe
[08/27/2008 01:33 AM | 01,393,864 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/28/2008 04:10 AM | 00,111,928 | ---- | M] () - C:\WINDOWS\System32\PnkBstrB.exe
[08/28/2008 06:20 PM | 00,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
[08/28/2008 06:20 PM | 00,413,696 | ---- | M] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
[08/29/2008 09:09 AM | 01,335,090 | -HS- | M] () - C:\WINDOWS\System32\nrnywrdn.ini
[08/29/2008 09:35 AM | 00,000,384 | ---- | M] () - C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/29/2008 09:35 AM | 00,000,384 | ---- | M] () - C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.dat
[08/29/2008 09:35 AM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settings.sfm
[08/29/2008 09:35 AM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/29/2008 09:35 AM | 00,030,528 | ---- | M] () - C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,030,528 | ---- | M] () - C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,031,056 | ---- | M] () - C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:35 AM | 00,031,056 | ---- | M] () - C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-20021102}.rfx
[08/29/2008 09:36 AM | 00,177,091 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/29/2008 09:37 AM | 00,011,815 | ---- | M] () - C:\WINDOWS\System32\CTHELPER.RPT
[08/29/2008 12:36 AM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files]
[08/07/2008 03:05 PM | 00,000,036 | ---- | M] () - C:\WINDOWS\vb.ini
[08/07/2008 03:05 PM | 00,000,037 | ---- | M] () - C:\WINDOWS\vbaddin.ini
[08/07/2008 03:06 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\control.ini
[08/07/2008 03:06 PM | 00,000,749 | RH-- | M] () - C:\WINDOWS\WindowsShell.Manifest
[08/07/2008 03:06 PM | 00,004,161 | ---- | M] () - C:\WINDOWS\ODBCINST.INI
[08/07/2008 03:06 PM | 00,299,552 | ---- | M] () - C:\WINDOWS\WMSysPrx.prx
[08/07/2008 03:22 PM | 00,008,192 | ---- | M] () - C:\WINDOWS\REGLOCS.OLD
[08/07/2008 03:27 PM | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\gdrv.sys
[08/07/2008 03:37 PM | 00,000,136 | ---- | M] () - C:\WINDOWS\SBWIN.INI
[08/07/2008 03:38 PM | 00,000,099 | ---- | M] () - C:\WINDOWS\È
[08/07/2008 04:03 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/07/2008 05:06 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/07/2008 05:07 PM | 00,000,517 | ---- | M] () - C:\WINDOWS\win.ini
[08/07/2008 09:58 AM | 00,000,231 | ---- | M] () - C:\WINDOWS\system.ini
[08/14/2008 09:13 PM | 00,000,025 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/15/2008 08:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 11:12 PM | 04,933,048 | ---- | M] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.BAK
[08/28/2008 06:20 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\SwSys1.bmp
[08/28/2008 06:20 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\SwSys2.bmp
[08/29/2008 04:12 AM | 00,000,095 | ---- | M] () - C:\WINDOWS\wininit.ini
[08/29/2008 09:35 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/29/2008 09:37 AM | 04,933,048 | ---- | M] () - C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-20021102}.CDF
[08/29/2008 09:36 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\Application Data\desktop.ini
[08/25/2008 03:49 AM | 00,013,104 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/29/2008 03:46 AM | 05,348,338 | -H-- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\IconCache.db
[09/01/2008 06:26 AM | 00,041,472 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/07/2008 09:58 AM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Documents\desktop.ini
[08/28/2008 06:20 PM | 00,002,621 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Global.sw2
[08/07/2008 05:00 PM | 00,000,083 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\My Documents\desktop.ini
[08/30/2008 03:21 AM | 00,000,581 | ---- | M] () - C:\Documents and Settings\AmerikanMade\My Documents\My Sharing Folders.lnk
[08/07/2008 03:35 PM | 00,001,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Getting Started Demo.lnk
[08/07/2008 03:38 PM | 00,001,940 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[08/07/2008 04:25 PM | 00,000,664 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[08/07/2008 04:49 PM | 00,001,507 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/07/2008 05:01 PM | 00,001,736 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/08/2008 04:54 AM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/08/2008 04:55 AM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/12/2008 12:26 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[08/19/2008 08:02 PM | 00,000,638 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/28/2008 06:20 PM | 00,000,856 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Launch ArmA.lnk
[08/29/2008 01:02 AM | 00,001,745 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/29/2008 08:53 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/30/2008 12:37 AM | 00,001,723 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/07/2008 03:36 PM | 00,000,185 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Free AOL & Unlimited Internet.url
[08/07/2008 05:22 PM | 00,000,703 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Off-Line Settings.lnk
[08/07/2008 05:22 PM | 00,000,792 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\FL Studio 8.lnk
[08/07/2008 05:22 PM | 00,000,813 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[08/07/2008 08:19 PM | 00,000,667 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to Launcher.lnk
[08/08/2008 12:40 PM | 00,000,759 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2.lnk
[08/09/2008 03:29 AM | 00,000,962 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Shortcut to medieval2_retrofit.lnk
[08/12/2008 02:35 AM | 00,001,789 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Ultimate AI.lnk
[08/18/2008 10:38 PM | 00,001,768 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\Battlefield 2 Demo.lnk
[08/29/2008 05:26 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\AmerikanMade\Desktop\HijackThis.lnk
[08/07/2008 03:06 PM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 03:06 PM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\AmerikanMade\Start Menu\Programs\Startup\desktop.ini
< End of report >
AmerikanMade
2008-09-02, 00:37
Here's Extras.txt
OTViewIt Extras logfile created on: 9/1/2008 5:34:07 PM - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\AmerikanMade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.68% Memory free
3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 79.15 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
Drive D: | 152.66 Gb Total Space | 29.82 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Drive E: | 671.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[08/29/2008 12:38 AM | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[08/29/2008 12:37 AM | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[07/02/2008 08:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[08/07/2008 04:55 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2
[06/07/2005 03:24 PM | 06,011,392 | ---- | M] ()
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[08/12/2008 05:07 PM | 03,065,168 | ---- | M] (Xfire Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Bohemia Interactive\ArmA\arma.exe" = C:\Program Files\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA
[08/28/2008 06:20 PM | 01,216,512 | ---- | M] ()
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[09/26/2006 05:53 PM | 07,574,463 | ---- | M] ()
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" %*
========== Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [02/28/2006 12:42 PM | 00,094,208 | ---- | M] (Apple Computer, Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
========== HKEY_CURRENT_USER Protocol Defaults ==========
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
========== Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
[08/07/2008 04:49 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]
========== Protocol Filters ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"ArmA" = ArmA Uninstall
"ASIO4ALL" = ASIO4ALL
"AVG8Uninstall" = AVG Free 8.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FL Studio 8" = FL Studio 8
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB913433" = Security Update for Windows XP (KB913433)
"KB923689" = Security Update for Windows XP (KB923689)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942763" = Update for Windows XP (KB942763)
"KB946648" = Security Update for Windows XP (KB946648)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"RealPlayer 6.0" = RealPlayer
"Toxic Biohazard" = Toxic Biohazard
"Ultimate AI" = Ultimate AI
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1123561945-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/10/2008 9:51:53 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
uisy3201.dll, version 0.1.1.45, fault address 0x0003a45f.
Error - 8/11/2008 6:48:23 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
rpmn3260.dll, version 6.0.10.44, fault address 0x0005a8f2.
Error - 8/15/2008 5:18:26 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 8/22/2008 7:04:57 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x000d4eef.
Error - 8/23/2008 9:35:16 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Hang
Description = Hanging application realplay.exe, version 11.0.0.453, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/23/2008 9:57:33 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000109f9.
Error - 8/24/2008 10:09:21 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/25/2008 3:58:37 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/25/2008 11:18:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Application Error
Description = Faulting application realplay.exe, version 11.0.0.453, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011669.
Error - 8/29/2008 8:18:49 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Spybot - Search & Destroy
Description =
[ Security Events ]
[ System Events ]
Error - 8/29/2008 12:31:12 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 8/29/2008 12:31:31 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 8/30/2008 5:32:45 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 8/30/2008 5:33:20 AM - Computer Name = BEAR-N7E5YNP0TL - User Name = BEAR-N7E5YNP0TL\AmerikanMade - Source = DCOM
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 8/30/2008 6:03:51 PM - Computer Name = BEAR-N7E5YNP0TL - User Name = User SID not found - Source = Schannel
Description = The certificate received from the remote server has expired. The SSL
connection request has failed. The attached data contains the server certificate.
< End of report >
Go to Start > Run
Type regedit and click OK.
On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.
Open Notepad and copy the contents of the following box to a new file.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbYpQh]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
Save it as fix.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix.reg and merge the infomation with the registry.
Reboot.
Post a fresh HijackThis log.
AmerikanMade
2008-09-02, 23:20
Here's my new hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:35 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FAD232F6-9956-45C7-847F-E6AF01862A29} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218142267093
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5728 bytes
Please make sure that all programs are closed when installing Java.
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u7-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.