
Bad Virus's


  • This topic is locked
21 replies to this topic

#1 FallenAnzel

FallenAnzel

  • Members
  • 32 posts
  • OFFLINE
  • Location:C.A.
  • Local time:10:50 PM

Posted 22 September 2008 - 10:39 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:18 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Fallen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\program files\steam\steam.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\DOCUME~1\Fallen\LOCALS~1\Temp\a..exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Fallen\LOCALS~1\Temp\b.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DCE8929-CC5F-48F5-9626-8359BCCB7CBE} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Screenshot Captor] "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Fallen\LOCALS~1\Temp\a..exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205905127053
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
O20 - Winlogon Notify: urqNDVmj - urqNDVmj.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c912e355531d1a) (gupdate1c912e355531d1a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13698 bytes


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:50 PM

Posted 03 October 2008 - 02:40 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 FallenAnzel

FallenAnzel
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Location:C.A.
  • Local time:10:50 PM

Posted 03 October 2008 - 06:40 PM

Thanks for responding. Here are the tests.
OTViewIt.txt:

OTViewIt logfile created on: 10/3/2008 4:09:00 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Fallen\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 109.68 Mb Available Physical Memory | 10.72% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 12.88 Gb Free Space | 16.80% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.92% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FALLEN-96160EF0
Current User Name: Fallen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/24 11:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
[2008/07/22 03:11:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/03/22 21:34:30 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/09/06 14:31:35 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/06 13:11:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2008/05/12 17:55:07 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/08/15 16:48:19 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WtSrv.exe
[2007/11/27 16:46:32 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[2008/07/02 07:39:09 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2005/05/10 18:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
[2008/06/20 09:09:12 | 00,329,984 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
[2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/06/20 09:09:06 | 00,493,312 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
[2008/04/13 17:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/06/23 01:04:07 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/20 21:42:20 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/08/14 16:44:14 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
[2008/08/24 14:10:52 | 01,271,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
[2007/10/07 21:38:26 | 06,422,016 | ---- | M] (DonationCoder) -- C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
[2008/02/27 12:53:42 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/27 01:56:26 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/07/16 21:24:07 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/03 16:08:28 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTViewIt.exe
[2008/09/06 14:30:17 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

========== (O23) Win32 Services ==========

[2008/07/22 03:11:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/03/22 21:34:30 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 17:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/21 14:44:18 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/09/06 13:11:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c912e355531d1a [Auto | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/09/06 14:31:35 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/07/02 07:39:09 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/05/12 17:55:07 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2006/05/24 11:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService [Auto | Running])
[2008/06/27 01:56:26 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2008/09/15 02:50:47 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Stopped])
[2005/08/15 16:48:19 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WtSrv.exe -- (WinTabService [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2007/11/27 16:46:32 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2007/02/06 00:22:45 | 00,068,672 | R--- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP [On_Demand | Running])
[2005/06/20 22:08:44 | 02,324,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/01/25 15:40:56 | 00,156,688 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/01/16 14:12:10 | 00,008,320 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/13 11:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2004/03/12 22:41:28 | 00,156,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d346bus.sys -- (d346bus [Boot | Running])
[2004/03/12 22:41:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d346prt.sys -- (d346prt [Boot | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/01/14 03:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam [On_Demand | Running])
[2008/02/18 17:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2008/04/13 11:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 11:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 11:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 17:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/04/06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
[2005/04/06 03:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/04/13 11:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2007/07/12 00:32:44 | 00,012,800 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2006/02/28 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/03/21 13:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 11:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2008/05/20 16:21:39 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 11:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/10/31 14:44:39 | 00,010,880 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper [System | Running])
[2005/08/15 16:48:19 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
[2005/08/15 16:48:19 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
[2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
[2005/08/15 16:48:19 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
[2008/04/13 11:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 11:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2008/02/20 20:17:32 | 00,040,928 | ---- | M] () -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv [System | Running])
[2008/02/20 20:17:40 | 00,027,776 | ---- | M] (innotek GmbH) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon [System | Running])
[2001/12/19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom [System | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2008/04/13 11:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\XDva090.sys -- (XDva090 [On_Demand | Stopped])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}" (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}" (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1DCE8929-CC5F-48F5-9626-8359BCCB7CBE} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{77D7E795-33C5-4323-974D-A2A49AB75517} (HKLM) -- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll (Google Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{C14E6230-757D-4246-81CE-B34E2940C722} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C333CF63-767F-4831-94AC-E683D962C63C} (HKLM) -- C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (HKLM) -- C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll (Google Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" (BitDefender)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" ()
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun (DonationCoder)
"Steam"="c:\program files\steam\steam.exe" -silent (Valve Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE File not found
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" ()
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun (DonationCoder)
"Steam"="c:\program files\steam\steam.exe" -silent (Valve Corporation)

========== (O4) Startup Folders ==========

[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2007/10/21 17:26:52 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Fallen\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 13:59:50 | 00,000,747 | ---- | M] ()
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/05/18 09:13:10 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/05/18 09:13:10 | 00,001,898 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,068,544 | R--- | M] (Microsoft Corporation)
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2008/04/22 16:00:00 | 00,000,191 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}: &Gears Settings -- C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll (Google Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: AIM Toolbar -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}: Fiddler2 -- C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}: Fiddler2 -- C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: FlashGet -- C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: FlashGet -- C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Sothink SWF Catcher -- C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Sothink SWF Catcher -- C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1205905127053 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{08BEAF95-D4F5-4D42-978A-B1A61A3C9562} (Servers: | Description: )
{358639AC-1FBE-410A-AF09-653F851B1492} (Servers: | Description: )
{4609EAF6-0642-4433-947C-DF4EAFAA79E2} (Servers: | Description: 2Wire PC Port)
{4957592D-018E-43D4-8912-1E5259807DFD} (Servers: | Description: 2Wire PC Port)
{508F9565-6E9B-431A-8F52-EC8AC44635E3} (Servers: | Description: 2Wire PC Port)
{A32F8AEC-562F-4CE9-A41C-03BDDA5EE924} (Servers: | Description: 2Wire PC Port)
{E69C78D6-3655-4246-A83A-3CFEE09A2A8B} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program,files\premieropinion\pmai.dll,c:\program files\premieropinion\pmai.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found -- c:\program files\premieropinion\pmai.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"=C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE
>File not found --
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
MCPClient: "DllName" = C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll -- C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
PremierOpinion: "DllName" = C:\Program Files\PremierOpinion\pmls.dll -- C:\Program Files\PremierOpinion\pmls.dll File not found
urqNDVmj: "DllName" = urqNDVmj.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\tuvWmlMG,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

Autodesk []
[2008/04/13 14:46:06 | 00,000,000 | ---D | M] -- C:\Autodesk -- [ NTFS ]

AUTOEXEC.BAT []
[2008/03/18 23:16:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=OblivionLauncher.exe | icon=Oblivion.ico | ]
[2005/11/21 10:26:21 | 00,000,057 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

autorun.inf [[autorun] | OPEN=Start.exe | shellexecute=Start.exe | shell=Auto | shell\Auto=&Autoplay | shell\Auto\command=Start.exe | ]
[2008/09/09 22:35:02 | 00,000,115 | -HS- | M] () -- E:\autorun.inf -- [ FAT ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\AutoRun\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\dismount\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\mount\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\open\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Fallen\My Documents\*.tmp files]
[2008/10/03 16:08:27 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTViewIt.exe
[2008/10/03 15:54:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/10/02 18:03:54 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/10/02 18:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/10/02 18:01:44 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/02 18:01:32 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/02 18:01:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/10/02 17:57:42 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/10/01 20:46:43 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Unorginal!.fla
[2008/10/01 16:44:13 | 00,327,337 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\sonic.rar
[2008/10/01 16:43:53 | 00,037,486 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\alexkidd.rar
[2008/10/01 16:18:17 | 01,044,480 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Sega Project.fla
[2008/10/01 15:58:43 | 01,381,271 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\133985_rayfrard.mp3
[2008/10/01 15:51:56 | 02,732,951 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\162678_DV_Two_Sided.mp3
[2008/10/01 15:50:11 | 04,331,645 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\169856_DV_The_Days_We_Remember.mp3
[2008/09/30 22:39:02 | 04,891,216 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\Silverlight.2.0.exe
[2008/09/30 21:09:57 | 01,152,235 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ActRaiser 2.7z
[2008/09/30 18:14:43 | 00,173,896 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links Adv Re.swf
[2008/09/30 17:39:38 | 00,045,380 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ootganondorf.png
[2008/09/30 17:21:09 | 00,007,403 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\-577917066Advanced_Vcam.fla.zip
[2008/09/30 16:36:52 | 00,041,860 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Scene 1.swf
[2008/09/30 16:35:15 | 00,000,000 | ---D | C] -- C:\Program Files\Sprite Builder
[2008/09/30 16:34:48 | 00,936,034 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\spritebuildersetup.exe
[2008/09/30 16:29:08 | 08,666,624 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. RE.fla
[2008/09/30 15:44:21 | 02,686,349 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\89111_Ordon_Mix_1.mp3
[2008/09/30 15:42:58 | 00,256,023 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Older link.png
[2008/09/29 19:49:06 | 00,026,598 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Chasing_The_Rainbow.mp3
[2008/09/29 19:48:25 | 00,037,515 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\America - 02 - I Need You.mp3
[2008/09/29 19:05:44 | 00,004,505 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Flash_V--_redesig-10378.zip
[2008/09/29 18:42:56 | 00,084,524 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Duck Tales (U).zip
[2008/09/29 18:22:44 | 00,160,651 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Dick Kids (MC Kids Hack).zip
[2008/09/29 18:22:21 | 00,084,332 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Dick Tracy (U).zip
[2008/09/28 16:38:20 | 00,001,113 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\fs.gif
[2008/09/28 16:21:09 | 01,632,465 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\156593_Windmill_song.mp3
[2008/09/28 16:18:21 | 00,002,204 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\links adv.gif
[2008/09/28 15:58:56 | 00,160,002 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.swf
[2008/09/28 15:22:32 | 00,001,635 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\aos-winged_skeleton.gif
[2008/09/28 14:13:22 | 00,001,944 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_north.gif
[2008/09/28 13:56:34 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Template.fla
[2008/09/28 13:46:04 | 00,001,421 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_battlestance_right.gif
[2008/09/28 13:36:56 | 02,706,620 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\147112_The_Legend_of_Zelda___A_Li.mp3
[2008/09/28 13:32:41 | 03,402,105 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\97234_Epic_but_Lost.mp3
[2008/09/28 13:32:12 | 01,622,851 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\157645_fairy_fountain.mp3
[2008/09/28 13:26:50 | 00,022,696 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\loud_Exp-Ivan-8050_hifi.mp3
[2008/09/28 13:25:47 | 00,008,286 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosio-Public_D-wav-201.zip
[2008/09/28 13:12:48 | 00,026,578 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosion1.gif
[2008/09/28 13:06:47 | 00,416,911 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\173370_random_stuff.mp3
[2008/09/28 13:06:15 | 07,429,141 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\107386_Falling_Farther__Trance_Re.mp3
[2008/09/28 13:04:56 | 03,543,374 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\170276_Burn_The_Skies.mp3
[2008/09/28 12:33:24 | 00,001,404 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_walk_down.gif
[2008/09/28 12:26:11 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_cry_up.gif
[2008/09/28 12:25:49 | 00,001,079 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_happy.gif
[2008/09/28 12:14:13 | 02,841,620 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\138780_Zelda___ALTTP___Town__Rema.mp3
[2008/09/28 12:04:43 | 00,002,087 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_south.gif
[2008/09/28 12:04:28 | 00,002,218 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_west.gif
[2008/09/28 12:04:09 | 00,002,225 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_east.gif
[2008/09/28 11:55:12 | 00,057,933 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LuccasParentsRoom.gif
[2008/09/28 11:41:55 | 00,810,757 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\113801_SDZeta___Forest.mp3
[2008/09/28 11:39:42 | 00,792,367 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\158366_song_of_storms.mp3
[2008/09/28 11:38:13 | 00,047,237 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Part3.swf
[2008/09/28 11:29:13 | 00,010,462 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\museum6.png
[2008/09/27 19:09:34 | 00,277,970 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\links adv.3.swf
[2008/09/27 18:21:49 | 00,070,041 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ng_alternate_preloader.zip
[2008/09/27 18:20:16 | 08,993,574 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv3.swf
[2008/09/27 18:18:11 | 00,268,811 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links ad3.swf
[2008/09/27 17:33:07 | 00,008,321 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AC_RunActiveContent.js
[2008/09/27 17:33:07 | 00,002,011 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.html
[2008/09/27 17:00:26 | 00,001,492 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_shieldA_south.gif
[2008/09/27 16:59:09 | 00,002,160 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkG_walk_south.gif
[2008/09/27 16:49:52 | 00,019,171 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_exploding.gif
[2008/09/27 16:47:41 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGB1_slash_right.gif
[2008/09/27 16:43:02 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_front.gif
[2008/09/27 16:32:12 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_right.gif
[2008/09/27 16:29:03 | 00,003,974 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_rise.gif
[2008/09/27 16:12:13 | 00,040,379 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosion2.gif
[2008/09/27 16:08:07 | 00,073,883 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-monsterrider-effect1.png
[2008/09/27 16:06:14 | 00,061,362 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-echoofhero-effect.png
[2008/09/27 15:48:10 | 00,004,288 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_look_left.gif
[2008/09/27 15:33:17 | 00,000,404 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_up.gif
[2008/09/27 15:11:12 | 00,122,827 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\tooltips.zip
[2008/09/27 15:04:30 | 00,001,453 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Test.html
[2008/09/27 15:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\Scripts
[2008/09/27 15:01:07 | 00,371,056 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\afe.zip
[2008/09/27 15:00:59 | 04,574,042 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\advancedae.zip
[2008/09/27 14:49:11 | 00,319,359 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Movie.flv
[2008/09/27 14:48:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\ImTOO Software Studio
[2008/09/27 14:48:09 | 00,548,864 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\prototype.fla
[2008/09/27 14:48:09 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBar.as
[2008/09/27 14:48:09 | 00,000,438 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBox.as
[2008/09/27 14:48:09 | 00,000,309 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBarEvent.as
[2008/09/27 14:47:36 | 00,477,135 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\oopscroll2.zip
[2008/09/27 14:47:23 | 05,639,009 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\as3preloader.zip
[2008/09/27 14:46:43 | 00,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2008/09/27 14:45:57 | 14,509,928 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\flv-converter-standard-41214.exe
[2008/09/27 14:45:38 | 02,617,323 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Pazera_Free_FLV_to_AVI_Converter.zip
[2008/09/27 14:42:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7(2).zip
[2008/09/27 14:42:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7.zip
[2008/09/27 14:41:25 | 00,178,710 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_8.zip
[2008/09/27 14:21:06 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\OS_bobble_v1.1.fla
[2008/09/27 14:20:10 | 00,055,940 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\saltas.zip
[2008/09/27 13:56:07 | 00,011,335 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.flp
[2008/09/27 13:56:01 | 00,014,520 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\DaveTheGuy.as
[2008/09/27 13:56:01 | 00,003,026 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Wizard.as
[2008/09/27 13:56:01 | 00,002,941 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ClockCounter.as
[2008/09/27 13:56:01 | 00,002,875 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MusicManager.as
[2008/09/27 13:56:01 | 00,002,838 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SoundEffectManager.as
[2008/09/27 13:56:01 | 00,002,688 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\TransitionHold.as
[2008/09/27 13:56:01 | 00,002,571 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Chicken.as
[2008/09/27 13:56:01 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WizardFull.as
[2008/09/27 13:56:01 | 00,001,954 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlat.as
[2008/09/27 13:56:01 | 00,001,070 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SoundHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,001,064 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MusicHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AnimatedObject.as
[2008/09/27 13:56:01 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterElectric.as
[2008/09/27 13:56:01 | 00,000,413 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterEffect.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterFallClip.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\CrackEyesClip.as
[2008/09/27 13:56:01 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlatform.as
[2008/09/27 13:56:01 | 00,000,195 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\GuyRunning.as
[2008/09/27 13:56:01 | 00,000,193 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FaderHold.as
[2008/09/27 13:56:01 | 00,000,191 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\TimerClip.as
[2008/09/27 13:56:01 | 00,000,189 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AntDust.as
[2008/09/27 13:56:01 | 00,000,183 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Cloudy.as
[2008/09/27 13:56:01 | 00,000,182 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tsicken.as
[2008/09/27 13:56:01 | 00,000,177 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Guy.as
[2008/09/27 13:56:00 | 00,003,042 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\GameData.as
[2008/09/27 13:56:00 | 00,002,865 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MessageWrite.as
[2008/09/27 13:56:00 | 00,002,772 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Gator.as
[2008/09/27 13:56:00 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WhirlyBolt.as
[2008/09/27 13:56:00 | 00,000,494 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Clip_Start.as
[2008/09/27 13:55:00 | 13,946,880 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.fla
[2008/09/27 13:50:15 | 05,489,088 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\449208_inquisitive_dave.swf
[2008/09/27 13:26:45 | 81,225,728 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. 3.fla
[2008/09/26 19:41:36 | 00,028,081 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\avgn_pic.jpg
[2008/09/26 19:39:59 | 00,061,827 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Street-Fighter-Quotes-1.0(2).plsc
[2008/09/26 19:33:38 | 00,022,537 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MSN_Text_Flooder.zip
[2008/09/26 19:32:09 | 00,013,583 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Msn_spam.zip
[2008/09/26 16:18:07 | 00,260,207 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 6 (U).zip
[2008/09/26 16:17:52 | 00,267,592 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 5 (U).zip
[2008/09/26 16:17:38 | 00,294,825 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 4 (U).zip
[2008/09/26 16:16:58 | 00,223,414 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 3 (U) [!].zip
[2008/09/26 16:16:46 | 00,135,874 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 2 (U).zip
[2008/09/25 18:02:06 | 00,432,694 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\crysis 2.jpg
[2008/09/25 18:01:53 | 00,661,244 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\wallpaper.jpg
[2008/09/25 18:00:34 | 00,372,394 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\123.jpg
[2008/09/24 20:35:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Fallen\My Documents\My Webs
[2008/09/24 20:34:10 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MLA_Template_for_CA_Myth_of_origin.doc
[2008/09/24 20:33:48 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Geography_Creat-A-Myth_Rubric.xls
[2008/09/23 21:21:33 | 00,000,000 | ---D | C] -- C:\Program Files\PrevxCSI
[2008/09/23 21:20:56 | 00,618,040 | ---- | C] (Prevx) -- C:\Documents and Settings\Fallen\My Documents\PREVXCSIFREE.EXE
[2008/09/23 21:19:15 | 49,996,376 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359(2).exe
[2008/09/23 20:57:51 | 00,210,416 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en(2).exe
[2008/09/23 20:42:13 | 07,281,784 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\windows-kb890830-v2.2.exe
[2008/09/23 20:16:01 | 00,007,071 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Free-Stuff.html
[2008/09/23 20:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\images
[2008/09/23 19:45:44 | 01,857,468 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Template.psd
[2008/09/23 19:39:22 | 00,887,904 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\psd_tut1.zip
[2008/09/23 19:04:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/23 19:04:16 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/23 19:04:15 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/23 19:04:15 | 00,352,855 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/23 19:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/09/23 19:01:05 | 00,210,416 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en.exe
[2008/09/23 16:06:39 | 00,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/23 15:55:57 | 00,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 15:55:53 | 00,000,000 | ---D | C] -- C:\ProgramData
[2008/09/23 15:54:39 | 00,868,080 | ---- | C] (Sony DADC Austria AG) -- C:\Documents and Settings\Fallen\My Documents\PAUL(2).DLL
[2008/09/22 20:38:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\HijackThis.lnk
[2008/09/22 20:38:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/22 20:28:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Fallen\My Documents\HJTInstall.exe
[2008/09/22 19:59:40 | 00,125,956 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/09/22 18:07:39 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\Spybot - Search & Destroy.lnk
[2008/09/22 18:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/09/22 18:04:08 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Fallen\My Documents\spybotsd160.exe
[2008/09/22 17:59:07 | 00,000,928 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\Kaspersky Anti-Virus 2009.lnk
[2008/09/21 23:51:19 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/09/21 23:51:19 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/09/21 23:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/09/21 23:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/09/21 23:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/09/21 23:25:48 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/09/21 23:25:44 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Fallen\My Documents\KillBox.exe
[2008/09/21 23:04:54 | 49,996,376 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359.exe
[2008/09/21 23:00:47 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\New
[2008/09/21 21:34:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\My Games
[2008/09/21 21:33:01 | 06,153,760 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/21 21:33:01 | 00,540,704 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/09/21 21:33:01 | 00,049,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/21 21:33:01 | 00,002,928 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/09/21 21:30:00 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/21 21:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/21 21:14:43 | 33,138,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Fallen\My Documents\kav8.0.0.454en.exe
[2008/09/21 19:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2008/09/21 19:46:32 | 01,363,514 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\clip0006.avi
[2008/09/21 19:46:05 | 09,678,704 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\clip0005.avi
[2008/09/21 19:43:18 | 03,168,382 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SopCast.zip
[2008/09/21 19:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\SAV
[2008/09/21 19:15:58 | 04,522,490 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ashley tisdale - never gonna give you up.mp3
[2008/09/21 18:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2008/09/21 18:11:49 | 00,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis.lnk
[2008/09/21 11:59:08 | 00,198,061 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\001.jpg
[2008/09/20 19:01:32 | 01,315,628 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\DarkWing Duck - Theme.wav
[2008/09/20 19:00:43 | 00,601,744 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\2 Stupid Dogs - Theme.wav
[2008/09/20 18:59:48 | 01,442,348 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MagicBus - Theme.wav
[2008/09/20 18:58:35 | 01,351,090 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Gargoyles - Theme.wav
[2008/09/20 18:57:02 | 00,635,084 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Cow & Chicken - Theme.wav
[2008/09/20 16:16:06 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Sam and Max.fla
[2008/09/19 19:16:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Application Data\GarageGames
[2008/09/15 19:41:57 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\The Story of Creation.doc
[2008/09/15 18:47:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/15 18:46:32 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/15 18:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/09/15 18:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2008/09/15 18:45:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2008/09/15 18:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/09/15 18:39:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Desktop\Microsoft Office
[2008/09/15 15:17:52 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/15 15:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/15 15:17:20 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/15 15:17:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/12 15:42:26 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/12 15:41:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/11 23:16:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/11 23:13:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/11 23:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/09/11 23:08:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/11 23:07:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/11 21:09:36 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/09/11 21:09:34 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/09/11 21:09:34 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/09/11 21:09:33 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/09/11 21:09:33 | 00,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/09/11 21:09:33 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/09/11 21:09:33 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/09/11 21:09:33 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/09/11 21:09:32 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/09/11 21:09:32 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/09/11 21:09:32 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/09/11 21:09:32 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/09/11 21:09:32 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/09/11 21:09:32 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/09/11 21:09:31 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/09/11 21:09:31 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/09/11 21:09:31 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/09/11 21:09:31 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/09/11 21:09:30 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/09/11 21:09:29 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/11 21:09:29 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/09/11 21:09:29 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/09/11 21:09:29 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/09/11 21:09:29 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/09/11 21:09:29 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/09/11 21:09:29 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/09/11 21:09:29 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/09/11 21:09:29 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/09/11 21:09:29 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/09/11 21:09:29 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/09/11 21:09:24 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/09/11 21:09:24 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/11 21:09:24 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/09/11 21:09:24 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/11 21:09:24 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/09/11 21:09:22 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/11 21:09:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/11 21:09:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/11 21:09:19 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/11 21:09:19 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/11 21:09:18 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/09/11 21:09:18 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/09/11 21:09:18 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/09/11 21:09:18 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/09/11 21:09:18 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/09/11 21:09:18 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/09/11 21:09:16 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/09/11 21:09:16 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/09/11 21:09:16 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/09/11 21:09:16 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/09/11 21:09:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/11 21:09:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/11 21:09:10 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/09/11 21:09:10 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/11 21:09:10 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/09/11 21:09:10 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/09/11 21:09:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/11 21:09:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/11 21:09:04 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/09/11 21:09:03 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/11 21:09:03 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/09/11 21:09:03 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/11 21:09:03 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/11 21:09:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/11 21:09:01 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/11 21:09:00 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/11 21:09:00 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/11 21:08:59 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/11 21:08:58 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/09/11 21:08:58 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/09/11 21:08:58 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/09/11 21:08:58 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/09/11 21:08:58 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/09/11 21:08:58 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/09/11 21:08:58 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/09/11 21:08:58 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/09/11 21:08:58 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/09/11 21:08:58 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/09/11 21:08:58 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/09/11 21:08:58 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/09/11 21:08:58 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/09/11 21:08:58 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/09/11 21:08:58 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/09/11 21:08:58 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/09/11 21:08:55 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/11 21:08:52 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/09/11 21:08:49 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/09/11 21:08:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/09/11 21:08:48 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/11 21:08:47 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/11 21:08:47 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/11 21:08:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/11 21:08:45 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/11 21:08:45 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/11 21:08:43 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/11 21:08:43 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/11 21:08:33 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/09/11 21:08:32 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/09/11 21:08:32 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/09/11 21:08:32 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/09/11 21:08:30 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/11 21:08:30 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/11 21:08:30 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/11 21:08:30 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/11 21:08:27 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/09/11 21:08:17 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/09/11 21:08:17 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/11 21:08:16 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/11 21:08:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/11 21:08:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/11 21:08:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/11 21:08:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/11 21:08:09 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/11 21:08:06 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/11 21:08:06 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/11 21:08:04 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/11 21:08:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/11 21:08:01 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/09/11 21:07:59 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/11 21:07:59 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/11 21:07:59 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/11 21:07:59 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/11 21:07:59 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/11 21:07:59 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/11 21:07:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/11 21:07:59 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/11 21:07:56 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/11 21:07:56 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/11 21:07:56 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/11 21:07:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/11 21:07:56 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/11 21:07:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/11 21:07:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/11 21:07:55 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/09/11 21:07:54 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/11 21:07:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/11 21:07:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/11 21:07:52 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/11 21:07:51 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/09/11 21:07:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/11 21:07:51 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/09/11 21:07:51 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/09/11 21:07:51 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/09/11 21:07:50 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/09/11 21:07:50 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/09/11 21:07:50 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/09/11 21:07:49 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/09/11 21:07:49 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/09/11 21:07:49 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/09/11 21:07:46 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/11 21:07:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/11 21:07:46 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/11 21:07:46 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/11 21:07:46 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/09/11 21:07:45 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/11 21:07:44 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/11 21:07:40 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/11 21:07:39 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/11 21:07:39 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/11 21:07:37 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/11 18:44:13 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/09/10 22:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2008/09/10 20:38:25 | 00,340,772 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Normal Picture.jpg
[2008/09/09 22:00:40 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/09/09 16:56:30 | 11,895,220 | ---- | C] (PortableTurk.com) -- C:\Documents and Settings\Fallen\Desktop\LimeWire PRO 4.18.6.exe
[2008/09/09 16:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Application Data\Thinstall
[2008/09/08 15:49:57 | 00,001,142 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/08 15:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Local Settings\Application Data\Downloaded Installations
[2008/09/08 15:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2008/09/08 15:32:21 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/09/08 15:32:21 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/09/08 15:32:21 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/09/08 15:32:20 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/09/08 15:32:18 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2008/09/08 15:32:15 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/09/08 15:31:50 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/09/08 15:31:49 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/09/08 15:31:45 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/09/08 15:31:45 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/09/08 15:31:42 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/09/08 15:25:33 | 00,000,000 | ---D | C] -- C:\Program Files\RADVideo
[2008/09/08 15:13:41 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2008/09/08 15:09:24 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System\binkw32.dll
[2008/09/08 15:08:34 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\d3dx9_36.dll
[2008/09/04 17:15:37 | 00,042,581 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.swf
[2008/09/04 17:13:11 | 00,886,784 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.fla
[2008/09/04 16:35:38 | 00,000,019 | ---- | C] () -- C:\WINDOWS\win96.INI
[2008/09/04 16:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\Super Mario Blue Twilight DX
[2008/09/04 16:21:20 | 00,000,000 | ---D | C] -- C:\Jonny RPG
[2008/09/03 22:48:21 | 00,092,660 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\bass.dll
[2008/09/03 22:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Desktop\Sound
[2008/09/03 21:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Desktop\Scrubs Season 1 Soundtrack
[2008/09/03 20:03:31 | 00,033,140 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\DO I GET TO TALK NOW.jpg
[2008/09/03 19:32:50 | 00,000,000 | ---D | C] -- C:\Program Files\Camtech

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Fallen\My Documents\*.tmp files]
[2008/10/03 16:08:28 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTViewIt.exe
[2008/10/03 16:02:10 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\My Sharing Folders.lnk
[2008/10/03 16:00:00 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/10/03 15:59:30 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2008/10/03 15:59:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 15:59:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/03 15:57:21 | 06,153,760 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/03 15:57:21 | 00,540,704 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/03 15:57:21 | 00,049,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/03 15:57:21 | 00,002,928 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/03 15:48:33 | 00,352,855 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/03 15:48:27 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 15:35:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/02 22:01:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/02 18:12:27 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/02 18:03:34 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/02 18:01:32 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/02 17:58:30 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/10/01 20:46:44 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Unorginal!.fla
[2008/10/01 16:44:14 | 00,327,337 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\sonic.rar
[2008/10/01 16:43:53 | 00,037,486 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\alexkidd.rar
[2008/10/01 16:43:16 | 01,044,480 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Sega Project.fla
[2008/10/01 15:58:55 | 01,381,271 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\133985_rayfrard.mp3
[2008/10/01 15:52:17 | 02,732,951 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\162678_DV_Two_Sided.mp3
[2008/10/01 15:50:49 | 04,331,645 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\169856_DV_The_Days_We_Remember.mp3
[2008/10/01 15:05:57 | 08,666,624 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. RE.fla
[2008/10/01 15:04:47 | 00,160,002 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.swf
[2008/09/30 22:56:57 | 02,279,434 | -HS- | M] () -- C:\Documents and Settings\Fallen\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Fallen\My Documents\Thumbs.db:encryptable
[2008/09/30 22:39:22 | 04,891,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\Silverlight.2.0.exe
[2008/09/30 21:10:10 | 01,152,235 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ActRaiser 2.7z
[2008/09/30 18:14:46 | 00,173,896 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links Adv Re.swf
[2008/09/30 17:39:39 | 00,045,380 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ootganondorf.png
[2008/09/30 17:25:48 | 00,041,860 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Scene 1.swf
[2008/09/30 17:21:10 | 00,007,403 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\-577917066Advanced_Vcam.fla.zip
[2008/09/30 16:34:55 | 00,936,034 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\spritebuildersetup.exe
[2008/09/30 15:44:40 | 02,686,349 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\89111_Ordon_Mix_1.mp3
[2008/09/30 15:42:59 | 00,256,023 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Older link.png
[2008/09/29 19:49:06 | 00,026,598 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Chasing_The_Rainbow.mp3
[2008/09/29 19:48:27 | 00,037,515 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\America - 02 - I Need You.mp3
[2008/09/29 19:05:44 | 00,004,505 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Flash_V--_redesig-10378.zip
[2008/09/29 18:42:56 | 00,084,524 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Duck Tales (U).zip
[2008/09/29 18:22:45 | 00,160,651 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Dick Kids (MC Kids Hack).zip
[2008/09/29 18:22:22 | 00,084,332 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Dick Tracy (U).zip
[2008/09/29 16:38:22 | 81,225,728 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. 3.fla
[2008/09/29 14:12:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/28 16:38:21 | 00,001,113 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\fs.gif
[2008/09/28 16:21:09 | 01,632,465 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\156593_Windmill_song.mp3
[2008/09/28 16:18:23 | 00,002,204 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\links adv.gif
[2008/09/28 16:04:20 | 08,993,574 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv3.swf
[2008/09/28 15:22:33 | 00,001,635 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\aos-winged_skeleton.gif
[2008/09/28 14:13:22 | 00,001,944 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_north.gif
[2008/09/28 13:56:35 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Template.fla
[2008/09/28 13:46:04 | 00,001,421 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_battlestance_right.gif
[2008/09/28 13:37:01 | 02,706,620 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\147112_The_Legend_of_Zelda___A_Li.mp3
[2008/09/28 13:32:50 | 03,402,105 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\97234_Epic_but_Lost.mp3
[2008/09/28 13:32:14 | 01,622,851 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\157645_fairy_fountain.mp3
[2008/09/28 13:26:51 | 00,022,696 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\loud_Exp-Ivan-8050_hifi.mp3
[2008/09/28 13:25:47 | 00,008,286 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosio-Public_D-wav-201.zip
[2008/09/28 13:12:48 | 00,026,578 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosion1.gif
[2008/09/28 13:06:47 | 00,416,911 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\173370_random_stuff.mp3
[2008/09/28 13:06:35 | 07,429,141 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\107386_Falling_Farther__Trance_Re.mp3
[2008/09/28 13:05:05 | 03,543,374 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\170276_Burn_The_Skies.mp3
[2008/09/28 12:33:24 | 00,001,404 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_walk_down.gif
[2008/09/28 12:26:11 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_cry_up.gif
[2008/09/28 12:25:49 | 00,001,079 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_happy.gif
[2008/09/28 12:14:22 | 02,841,620 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\138780_Zelda___ALTTP___Town__Rema.mp3
[2008/09/28 12:04:43 | 00,002,087 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_south.gif
[2008/09/28 12:04:28 | 00,002,218 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_west.gif
[2008/09/28 12:04:09 | 00,002,225 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_east.gif
[2008/09/28 11:55:12 | 00,057,933 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LuccasParentsRoom.gif
[2008/09/28 11:52:11 | 00,047,237 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Part3.swf
[2008/09/28 11:41:55 | 00,810,757 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\113801_SDZeta___Forest.mp3
[2008/09/28 11:39:42 | 00,792,367 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\158366_song_of_storms.mp3
[2008/09/28 11:29:14 | 00,010,462 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\museum6.png
[2008/09/27 19:09:37 | 00,277,970 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\links adv.3.swf
[2008/09/27 18:21:49 | 00,070,041 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ng_alternate_preloader.zip
[2008/09/27 18:18:19 | 00,268,811 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links ad3.swf
[2008/09/27 17:33:07 | 00,002,011 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.html
[2008/09/27 17:00:26 | 00,001,492 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_shieldA_south.gif
[2008/09/27 16:59:10 | 00,002,160 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkG_walk_south.gif
[2008/09/27 16:49:52 | 00,019,171 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_exploding.gif
[2008/09/27 16:47:41 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGB1_slash_right.gif
[2008/09/27 16:43:03 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_front.gif
[2008/09/27 16:32:12 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_right.gif
[2008/09/27 16:29:04 | 00,003,974 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_rise.gif
[2008/09/27 16:12:13 | 00,040,379 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosion2.gif
[2008/09/27 16:08:07 | 00,073,883 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-monsterrider-effect1.png
[2008/09/27 16:06:14 | 00,061,362 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-echoofhero-effect.png
[2008/09/27 15:48:10 | 00,004,288 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_look_left.gif
[2008/09/27 15:33:18 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_up.gif
[2008/09/27 15:11:12 | 00,122,827 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\tooltips.zip
[2008/09/27 15:07:32 | 00,001,365 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\index.html
[2008/09/27 15:04:30 | 00,001,453 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Test.html
[2008/09/27 15:01:07 | 00,371,056 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\afe.zip
[2008/09/27 15:01:06 | 04,574,042 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\advancedae.zip
[2008/09/27 14:49:13 | 00,319,359 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Movie.flv
[2008/09/27 14:47:37 | 00,477,135 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\oopscroll2.zip
[2008/09/27 14:47:33 | 05,639,009 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\as3preloader.zip
[2008/09/27 14:46:24 | 14,509,928 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\flv-converter-standard-41214.exe
[2008/09/27 14:45:50 | 02,617,323 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Pazera_Free_FLV_to_AVI_Converter.zip
[2008/09/27 14:42:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7(2).zip
[2008/09/27 14:42:29 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7.zip
[2008/09/27 14:41:25 | 00,178,710 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_8.zip
[2008/09/27 14:21:06 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\OS_bobble_v1.1.fla
[2008/09/27 14:20:11 | 00,055,940 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\saltas.zip
[2008/09/27 13:56:07 | 13,946,880 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.fla
[2008/09/27 13:56:07 | 00,011,335 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.flp
[2008/09/27 13:56:01 | 00,014,520 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\DaveTheGuy.as
[2008/09/27 13:56:01 | 00,003,026 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Wizard.as
[2008/09/27 13:56:01 | 00,002,941 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ClockCounter.as
[2008/09/27 13:56:01 | 00,002,875 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MusicManager.as
[2008/09/27 13:56:01 | 00,002,838 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SoundEffectManager.as
[2008/09/27 13:56:01 | 00,002,688 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\TransitionHold.as
[2008/09/27 13:56:01 | 00,002,571 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Chicken.as
[2008/09/27 13:56:01 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WizardFull.as
[2008/09/27 13:56:01 | 00,001,954 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlat.as
[2008/09/27 13:56:01 | 00,001,070 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SoundHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,001,064 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MusicHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\AnimatedObject.as
[2008/09/27 13:56:01 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterElectric.as
[2008/09/27 13:56:01 | 00,000,413 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterEffect.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterFallClip.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\CrackEyesClip.as
[2008/09/27 13:56:01 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlatform.as
[2008/09/27 13:56:01 | 00,000,195 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\GuyRunning.as
[2008/09/27 13:56:01 | 00,000,193 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FaderHold.as
[2008/09/27 13:56:01 | 00,000,191 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\TimerClip.as
[2008/09/27 13:56:01 | 00,000,189 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\AntDust.as
[2008/09/27 13:56:01 | 00,000,183 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Cloudy.as
[2008/09/27 13:56:01 | 00,000,182 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tsicken.as
[2008/09/27 13:56:01 | 00,000,177 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Guy.as
[2008/09/27 13:56:00 | 00,022,013 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\NewgroundsAPI.as
[2008/09/27 13:56:00 | 00,003,042 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\GameData.as
[2008/09/27 13:56:00 | 00,002,865 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MessageWrite.as
[2008/09/27 13:56:00 | 00,002,772 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Gator.as
[2008/09/27 13:56:00 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WhirlyBolt.as
[2008/09/27 13:56:00 | 00,000,494 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Clip_Start.as
[2008/09/27 13:50:16 | 05,489,088 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\449208_inquisitive_dave.swf
[2008/09/26 19:41:36 | 00,028,081 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\avgn_pic.jpg
[2008/09/26 19:39:59 | 00,061,827 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Street-Fighter-Quotes-1.0(2).plsc
[2008/09/26 19:33:38 | 00,022,537 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MSN_Text_Flooder.zip
[2008/09/26 19:32:10 | 00,013,583 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Msn_spam.zip
[2008/09/26 16:18:07 | 00,260,207 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 6 (U).zip
[2008/09/26 16:17:52 | 00,267,592 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 5 (U).zip
[2008/09/26 16:17:38 | 00,294,825 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 4 (U).zip
[2008/09/26 16:16:58 | 00,223,414 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 3 (U) [!].zip
[2008/09/26 16:16:46 | 00,135,874 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 2 (U).zip
[2008/09/25 18:02:06 | 00,432,694 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\crysis 2.jpg
[2008/09/25 18:01:53 | 00,661,244 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\wallpaper.jpg
[2008/09/25 18:00:35 | 00,372,394 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\123.jpg
[2008/09/24 20:34:10 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MLA_Template_for_CA_Myth_of_origin.doc
[2008/09/24 20:33:48 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Geography_Creat-A-Myth_Rubric.xls
[2008/09/23 21:21:46 | 49,996,376 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359(2).exe
[2008/09/23 21:20:59 | 00,618,040 | ---- | M] (Prevx) -- C:\Documents and Settings\Fallen\My Documents\PREVXCSIFREE.EXE
[2008/09/23 20:57:51 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en(2).exe
[2008/09/23 20:42:27 | 07,281,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\windows-kb890830-v2.2.exe
[2008/09/23 20:23:33 | 00,007,071 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Free-Stuff.html
[2008/09/23 20:00:13 | 01,857,468 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Template.psd
[2008/09/23 19:39:22 | 00,887,904 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\psd_tut1.zip
[2008/09/23 19:01:05 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en.exe
[2008/09/23 16:11:30 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/09/23 16:06:39 | 00,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/23 15:55:57 | 00,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 15:55:33 | 00,001,142 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/23 15:54:39 | 00,868,080 | ---- | M] (Sony DADC Austria AG) -- C:\Documents and Settings\Fallen\My Documents\PAUL(2).DLL
[2008/09/22 22:40:49 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 20:38:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\HijackThis.lnk
[2008/09/22 20:28:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Fallen\My Documents\HJTInstall.exe
[2008/09/22 19:59:40 | 00,125,956 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2008/09/22 18:07:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\Spybot - Search & Destroy.lnk
[2008/09/22 18:06:13 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Fallen\My Documents\spybotsd160.exe
[2008/09/22 16:58:44 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/09/21 23:51:19 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/09/21 23:51:15 | 00,000,928 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\Kaspersky Anti-Virus 2009.lnk
[2008/09/21 23:48:37 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/21 23:25:45 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Fallen\My Documents\KillBox.exe
[2008/09/21 23:16:53 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2008/09/21 23:09:12 | 49,996,376 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359.exe
[2008/09/21 23:00:47 | 00,000,135 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\New
[2008/09/21 22:26:50 | 01,474,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/21 19:46:35 | 01,363,514 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\clip0006.avi
[2008/09/21 19:46:30 | 09,678,704 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\clip0005.avi
[2008/09/21 19:43:54 | 03,168,382 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SopCast.zip
[2008/09/21 19:16:12 | 04,522,490 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ashley tisdale - never gonna give you up.mp3
[2008/09/21 19:04:34 | 00,039,744 | ---- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/21 18:12:48 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/21 18:12:42 | 00,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/09/21 18:11:49 | 00,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis.lnk
[2008/09/21 11:59:09 | 00,198,061 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\001.jpg
[2008/09/21 00:08:44 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\sdd.hls
[2008/09/20 19:01:47 | 01,315,628 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\DarkWing Duck - Theme.wav
[2008/09/20 19:00:57 | 00,601,744 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\2 Stupid Dogs - Theme.wav
[2008/09/20 19:00:00 | 01,442,348 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MagicBus - Theme.wav
[2008/09/20 18:58:59 | 01,351,090 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Gargoyles - Theme.wav
[2008/09/20 18:58:10 | 00,635,084 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Cow & Chicken - Theme.wav
[2008/09/20 16:16:07 | 00,075,264 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Sam and Max.fla
[2008/09/18 23:14:33 | 06,167,552 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\movie 2.fla
[2008/09/15 19:42:05 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\The Story of Creation.doc
[2008/09/15 18:47:41 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/09/15 18:46:33 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/15 15:17:52 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/14 14:11:39 | 03,709,286 | -H-- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\IconCache.db
[2008/09/12 15:44:00 | 00,433,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/12 15:44:00 | 00,067,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/12 15:43:59 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/12 15:42:50 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Fallen\My Documents\desktop.ini
[2008/09/12 15:42:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/11 23:11:20 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/11 18:44:13 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/09/10 20:38:26 | 00,340,772 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Normal Picture.jpg
[2008/09/06 13:32:58 | 11,895,220 | ---- | M] (PortableTurk.com) -- C:\Documents and Settings\Fallen\Desktop\LimeWire PRO 4.18.6.exe
[2008/09/06 12:50:50 | 00,000,019 | ---- | M] () -- C:\WINDOWS\win96.INI
[2008/09/04 17:22:17 | 00,886,784 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.fla
[2008/09/04 17:21:45 | 00,042,581 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.swf
[2008/09/03 20:03:32 | 00,033,140 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\DO I GET TO TALK NOW.jpg
< End of report >

Extras.Txt:

OTViewIt Extras logfile created on: 10/3/2008 4:09:00 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Fallen\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 109.68 Mb Available Physical Memory | 10.72% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 12.88 Gb Free Space | 16.80% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.92% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FALLEN-96160EF0
Current User Name: Fallen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/14 16:44:14 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/07/29 09:47:18 | 00,070,976 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup
[2008/08/14 16:44:14 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/02/27 12:53:42 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 07:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
ipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2008/04/23 17:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis®
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{1FF4C4EF-335A-49DE-99BC-95544176360C}"=innotek VirtualBox
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}"=Adobe Setup
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}"=Adobe Captivate 3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}"=Backburner
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}"=BitDefender Antivirus 2008
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}"=Google Gears
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}"=
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{5A88DA25-5EF7-4841-9ABC-C4E72392349D}"=181600
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}"=RGSS-RTP Standard
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}"=GameSpy Comrade
"{5FC0EED2-701D-306A-939D-688FA00D49FE}"=Google Gears
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}"=Camtasia Studio 5
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}"=Adobe After Effects CS3 Third Party Content
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}"=Far Cry (Patch 1.4)
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9578C0CD-8108-4379-9026-4601F59859A0}"=Google Earth Pro
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}"=RPGXP
"{9B743536-28E5-4A48-A1CC-8600A18386C3}"=Growler Guncam
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7B9D802-94C0-4AF3-88F6-3D71C935F385}"=EMU7800
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB81360F-041C-4CF7-B15E-71380D154244}"=Adobe Setup
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1"=Sothink SWF Decompiler
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{CA40DD4F-D30E-4622-8783-1ED1E81340C2}"=GTOneCare
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}"=Bionic Commando Rearmed
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1C9C7F7-0D56-40B2-A276-152762D39BCA}"=Adobe Setup
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}"=Autodesk 3ds Max 2009 32-bit
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip"=7-Zip 4.57
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Flex Builder 3"=Adobe Flex Builder 3
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90"=Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_5d83aea83f5009a0d267d337e3f55fe"=Adobe After Effects CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_71c180716438072ebd356ce2549df41"=Adobe Premiere Pro CS3 Third Party Content
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AIM Search"=AIM Search
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"AIMTunes"=AIMTunes
"Audacity_is1"=Audacity 1.2.6
"Audio MP3 Sound Recorder"=Audio MP3 Sound Recorder
"basiegaxorz123_is1"=BasiEgaXorz v1.23 (ASMX Assembler Version)
"Bink and Smacker"=Bink and Smacker
"BootSkin"=BootSkin
"CamStudio"=CamStudio
"Cave Story Deluxe"=Cave Story Deluxe
"CDisplay_is1"=CDisplay 1.8
"CEDP Stealer 6.0 for Messenger"=CEDP Stealer 6.0 for Messenger
"Cheat Engine 5.4_is1"=Cheat Engine 5.4
"Colour Spy_is1"=Colour Spy 1.5
"dBpowerAMP Music Converter"=dBpowerAMP Music Converter
"DesktopX"=DesktopX
"Dexpot"=Dexpot 1.4
"DriverGuide Toolkit"=DriverGuide Toolkit
"EVEREST Ultimate Edition_is1"=EVEREST Ultimate Edition v4.50
"FBX Plugin 2006.11.1 for Max 2008"=FBX Plugin 2006.11.1 for Max 2008
"FBX Plugin 2009.0 for Max 2009"=FBX Plugin 2009.0 for Max 2009
"Fiddler2"=Fiddler2 (remove only)
"FlashGet"=FlashGet 1.9.6.1073
"Fraps"=Fraps (remove only)
"Frontbase Image To Icon_is1"=Frontbase Image To Icon 2.1
"Game Maker 7.0"=Game Maker 7.0
"getPlus®_dll"=getPlus®_dll
"GoldWave v5.20"=GoldWave v5.20
"HyperCam 2"=HyperCam 2
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}"=TBS WMP Plug-in
"Jailbreak Source_is1"=Jailbreak Source v0.4.1
"Jonny RPG"=Jonny RPG
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"LimeWire"=LimeWire PRO 4.17.3
"LimeWire Turbo Accelerator"=LimeWire Turbo Accelerator
"Magic ISO Maker v5.4 (build 0256)"=Magic ISO Maker v5.4 (build 0256)
"MagicDisc 2.6.93"=MagicDisc 2.6.93
"ManyCam"=ManyCam 2.2 (remove only)
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"Mozilla Thunderbird (2.0.0.14)"=Mozilla Thunderbird (2.0.0.14)
"MsgPlus! Plugin"=Messenger Plus! 3
"MS-MPEG4"=Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST"=MSN
"Notepad++"=Notepad++
"NVIDIA Drivers"=NVIDIA Drivers
"OpenAL"=OpenAL
"PFConfig"=PFConfig 1.0.216
"Platform Studio_is1"=Platform Studio 3.2 Standard Edition
"PunkBusterSvc"=PunkBuster Services
"QuickShot_is1"=QuickShot 1.52
"RapidLeecher"=RapidLeecher
"RealPlayer 6.0"=RealPlayer
"RegistryBooster 2_is1"=Uniblue RegistryBooster 2
"RocketDock_is1"=RocketDock 1.3.5
"RPG Maker VX 1.02"=RPG Maker VX 1.02
"RPG Maker VX RTP =XWareM2 Group=_is1"=RPG Maker VX RTP
"RPG Maker VX RTP_is1"=RPG Maker VX RTP
"RPG Maker VX_is1"=RPG Maker VX
"ScreenshotCaptor_is1"=Screenshot Captor 2.37.03
"SopCast"=SopCast 3.0.3
"Steam App 211"=Source SDK
"Steam App 2130"=Dark Messiah Might and Magic Multi-Player
"Steam App 218"=Source SDK Base - Orange Box
"Steam App 220"=Half-Life 2
"Steam App 4000"=Garry's Mod
"Steam App 440"=Team Fortress 2
"Steam App 70"=Half-Life
"StyleXP"=StyleXP (remove only)
"Super Mario: Blue Twilight DX (v1.04.1)"=Super Mario: Blue Twilight DX (v1.04.1)
"SysMetrix"=SysMetrix 3.41
"System Restore Control"=System Restore Control
"SystemRequirementsLab"=System Requirements Lab
"Thoosje Sidebar V2.3"=Thoosje Sidebar V2.3
"TopDesk"=TopDesk 1.4.2
"ViewpointMediaPlayer"=Viewpoint Media Player
"VistaMizer"=VistaMizer 2.2.1.0
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Live Toolbar"=Windows Live Toolbar
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Winstep Xtreme_is1"=Winstep Xtreme 8.5
"Wyvern Client"=Wyvern Client
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"xvid"=XviD MPEG-4 Video Codec
"zbattle.net_is1"=zbattle.net 1.09 SR-1 beta
"ZD Soft Game Recorder"=ZD Soft Game Recorder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in"=Adobe Acrobat Connect Add-in
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
"Google Chrome"=Google Chrome
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"Science and Industry 2 - Beta 1.1"=Science and Industry 2 - Beta 1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in"=Adobe Acrobat Connect Add-in
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
"Google Chrome"=Google Chrome
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"Science and Industry 2 - Beta 1.1"=Science and Industry 2 - Beta 1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2008 12:16:42 AM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application GLB19C.tmp, version 7.0.483.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2008 12:17:36 AM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2008 1:47:26 AM | Computer Name = FALLEN-96160EF0 | Source = Application Error | ID = 1000
Description = Faulting application d.exe, version 0.0.0.0, faulting module urlmon.dll,
version 6.0.2900.5628, fault address 0x0001bed7.

Error - 9/25/2008 2:12:45 AM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2008 2:12:46 AM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2008 11:13:08 PM | Computer Name = FALLEN-96160EF0 | Source = Google Update | ID = 20
Description =

Error - 9/29/2008 7:37:17 PM | Computer Name = FALLEN-96160EF0 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
unknown, version 0.0.0.0, fault address 0x06ff96f6.

Error - 10/1/2008 10:34:13 PM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2008 11:47:33 PM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2008 1:52:16 AM | Computer Name = FALLEN-96160EF0 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/2/2008 9:29:02 PM | Computer Name = FALLEN-96160EF0 | Source = NtServicePack | ID = 921877
Description = Windows XP Service Pack 3 installation failed. Access is denied.

Error - 10/2/2008 9:52:29 PM | Computer Name = FALLEN-96160EF0 | Source = NtServicePack | ID = 921878
Description = Windows XP Service Pack 3 installation failed, leaving Windows XP
partially updated. Service Pack 3 installation did not complete.

Error - 10/2/2008 9:53:57 PM | Computer Name = FALLEN-96160EF0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 10/2/2008 9:54:11 PM | Computer Name = FALLEN-96160EF0 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 10/2/2008 9:54:41 PM | Computer Name = FALLEN-96160EF0 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 10/2/2008 10:34:07 PM | Computer Name = FALLEN-96160EF0 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 10/2/2008 10:34:37 PM | Computer Name = FALLEN-96160EF0 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 10/3/2008 2:20:20 AM | Computer Name = FALLEN-96160EF0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 10/3/2008 6:49:03 PM | Computer Name = FALLEN-96160EF0 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/3/2008 6:49:03 PM | Computer Name = FALLEN-96160EF0 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

I started downloading updates for Kaspersky Online and my computer crashed. Now every time I try to get on, it gives me this error.

Program has failed to start. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.

[ERROR:java.lang.NullPointerException]

I hope you can help.

#4 Billy O'Neal


Posted 03 October 2008 - 08:31 PM

Hello, FallenAnzel.
No problem with Kaspersky.. we can deal with things in other ways :thumbsup:

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
Java™ 6 Update 5

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\XDva090.sys
    c:\program,files\premieropinion
    C:\WINDOWS\system32\tuvWmlMG
    C:\!KillBox
    :services
    XDva090
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE8929-CC5F-48F5-9626-8359BCCB7CBE}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{{C14E6230-757D-4246-81CE-B34E2940C722}]
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"=-
    "AVG7_Run"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqNDVmj]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{C14E6230-757D-4246-81CE-B34E2940C722}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A new OTViewIt Main.txt

Billy3

Edited by Billy O'Neal, 03 October 2008 - 08:33 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 FallenAnzel


Posted 04 October 2008 - 03:02 PM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Fallen(Administrator)
was started @ Sunday, September 21, 2008, 11:25 PM

# 1 [Files to Delete]
Path = C:\Program Files\Common Files\BitDefender\BitDefender Firewall
*This File could not be Deleted

# 2 [Files to Delete]
Path = C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfirewall.txt
*This File could not be Deleted

Killbox Closed(Exit) @ 11:26:35 PM
__________________________________________________

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3494 (20081003)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b42858de9889624395ff81601e758130
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-04 08:10:50
# local_time=2008-10-04 01:10:50 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=649851
# found=2
# scan_time=4012
C:\Documents and Settings\Fallen\My Documents\LimeWire\Shared\Modest Mouse - We Were Dead Before The Ship Even Sank.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 0A0A0B47E35D557D949DC5288E100D51
C:\WINDOWS\system32\msxml71.dll Win32/Adware.BHO.NDL application (unable to clean - deleted) 00000000000000000000000000000000


OTviewIt.txt:

OTViewIt logfile created on: 10/4/2008 12:56:47 PM - Run 3
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Fallen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 576.36 Mb Available Physical Memory | 56.31% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.13% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 11.82 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.92% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FALLEN-96160EF0
Current User Name: Fallen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/24 11:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
[2008/07/22 03:11:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/03/22 21:34:30 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/09/06 14:31:35 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/09/06 13:11:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/05/12 17:55:07 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/08/15 16:48:19 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WtSrv.exe
[2007/11/27 16:46:32 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[2008/07/02 07:39:09 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2005/05/10 18:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
[2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/13 17:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/06/23 01:04:07 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/20 21:42:20 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/09/06 13:11:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Fallen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/10/03 23:55:11 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/04 00:04:50 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\Desktop\OTViewIt(2).exe

========== (O23) Win32 Services ==========

[2008/07/22 03:11:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/03/22 21:34:30 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 17:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/21 14:44:18 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/09/06 13:11:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c912e355531d1a [Auto | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/09/06 14:31:35 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/07/02 07:39:09 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/05/12 17:55:07 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2006/05/24 11:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService [Auto | Running])
[2008/06/27 01:56:26 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2008/09/15 02:50:47 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Stopped])
[2005/08/15 16:48:19 | 00,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WtSrv.exe -- (WinTabService [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2007/11/27 16:46:32 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2007/02/06 00:22:45 | 00,068,672 | R--- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP [On_Demand | Running])
[2005/06/20 22:08:44 | 02,324,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/01/25 15:40:56 | 00,156,688 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/01/16 14:12:10 | 00,008,320 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/13 11:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2004/03/12 22:41:28 | 00,156,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d346bus.sys -- (d346bus [Boot | Running])
[2004/03/12 22:41:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d346prt.sys -- (d346prt [Boot | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/09/21 23:48:37 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Stopped])
[2008/01/14 03:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam [On_Demand | Running])
[2008/02/18 17:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2008/04/13 11:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 11:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 11:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/08/18 17:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2005/04/06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
[2005/04/06 03:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/02/28 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/04/13 11:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2007/07/12 00:32:44 | 00,012,800 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2006/02/28 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/03/21 13:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 11:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2008/05/20 16:21:39 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 11:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/10/31 14:44:39 | 00,010,880 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper [System | Running])
[2005/08/15 16:48:19 | 00,015,370 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Tablet2k.sys -- (Tablet2k [On_Demand | Stopped])
[2005/08/15 16:48:19 | 00,023,202 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k [On_Demand | Stopped])
[2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
[2005/08/15 16:48:19 | 00,011,090 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid [On_Demand | Stopped])
[2008/04/13 11:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 11:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2008/02/20 20:17:32 | 00,040,928 | ---- | M] () -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv [System | Running])
[2008/02/20 20:17:40 | 00,027,776 | ---- | M] (innotek GmbH) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon [System | Running])
[2001/12/19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom [System | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2008/04/13 11:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}" (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/?wl=true

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}" (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} (HKLM) -- C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{77D7E795-33C5-4323-974D-A2A49AB75517} (HKLM) -- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll (Google Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{C14E6230-757D-4246-81CE-B34E2940C722} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C333CF63-767F-4831-94AC-E683D962C63C} (HKLM) -- C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (HKLM) -- C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll (Google Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" (BitDefender)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"BitTorrent"="C:\Program Files\BitTorrent\BitTorrent.exe" ()
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun (DonationCoder)
"Steam"="c:\program files\steam\steam.exe" -silent (Valve Corporation)
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE File not found
""= File not found
"BitTorrent"="C:\Program Files\BitTorrent\BitTorrent.exe" ()
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" ()
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun (DonationCoder)
"Steam"="c:\program files\steam\steam.exe" -silent (Valve Corporation)
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)

========== (O4) Startup Folders ==========

[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2007/10/21 17:26:52 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Fallen\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1454471165-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 13:59:50 | 00,000,747 | ---- | M] ()
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/05/18 09:13:10 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/05/18 09:13:10 | 00,001,898 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/06/20 14:37:18 | 09,068,544 | R--- | M] (Microsoft Corporation)
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2008/04/22 16:00:00 | 00,000,191 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}: &Gears Settings -- C:\Program Files\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll (Google Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: AIM Toolbar -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}: Fiddler2 -- C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}: Fiddler2 -- C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: FlashGet -- C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: FlashGet -- C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Sothink SWF Catcher -- C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Sothink SWF Catcher -- C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1205905127053 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{08BEAF95-D4F5-4D42-978A-B1A61A3C9562} (Servers: | Description: )
{358639AC-1FBE-410A-AF09-653F851B1492} (Servers: | Description: )
{4609EAF6-0642-4433-947C-DF4EAFAA79E2} (Servers: | Description: 2Wire PC Port)
{4957592D-018E-43D4-8912-1E5259807DFD} (Servers: | Description: 2Wire PC Port)
{508F9565-6E9B-431A-8F52-EC8AC44635E3} (Servers: | Description: 2Wire PC Port)
{A32F8AEC-562F-4CE9-A41C-03BDDA5EE924} (Servers: | Description: 2Wire PC Port)
{E69C78D6-3655-4246-A83A-3CFEE09A2A8B} (Servers: | Description: 1394 Net Adapter)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"=C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE
>File not found --
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
MCPClient: "DllName" = C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll -- C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
PremierOpinion: "DllName" = C:\Program Files\PremierOpinion\pmls.dll -- C:\Program Files\PremierOpinion\pmls.dll File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\tuvWmlMG,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

Autodesk []
[2008/04/13 14:46:06 | 00,000,000 | ---D | M] -- C:\Autodesk -- [ NTFS ]

AUTOEXEC.BAT []
[2008/03/18 23:16:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=OblivionLauncher.exe | icon=Oblivion.ico | ]
[2005/11/21 10:26:21 | 00,000,057 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

autorun.inf [[autorun] | OPEN=Start.exe | shellexecute=Start.exe | shell=Auto | shell\Auto=&Autoplay | shell\Auto\command=Start.exe | ]
[2008/09/09 22:35:02 | 00,000,115 | -HS- | M] () -- E:\autorun.inf -- [ FAT ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\AutoRun\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\dismount\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\mount\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}\Shell\open\command]
""=H:\TrueCrypt\TrueCrypt.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Fallen\My Documents\*.tmp files]
[2008/10/04 00:04:49 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\Desktop\OTViewIt(2).exe
[2008/10/04 00:02:22 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/10/03 23:56:12 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTMoveIt3(3).exe
[2008/10/03 23:54:06 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTMoveIt3(2).exe
[2008/10/03 23:10:40 | 00,098,684 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\pedo-bear-seal-of-approval.thumbnail.png
[2008/10/03 18:52:54 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\Launch VeohTV.lnk
[2008/10/03 18:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Application Data\Bitdefender
[2008/10/03 18:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2008/10/03 18:51:04 | 21,440,208 | ---- | C] (Veoh Networks, Inc. ) -- C:\Documents and Settings\Fallen\My Documents\VeohSetup-3.9.8.1082.exe
[2008/10/03 18:32:43 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/03 18:32:20 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\Desktop\OTMoveIt3.exe
[2008/10/03 16:08:27 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTViewIt.exe
[2008/10/03 15:54:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/10/02 18:03:54 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/10/02 18:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/10/02 18:01:44 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/02 18:01:32 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/02 18:01:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/10/02 17:57:42 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/10/01 20:46:43 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Unorginal!.fla
[2008/10/01 16:44:13 | 00,327,337 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\sonic.rar
[2008/10/01 16:43:53 | 00,037,486 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\alexkidd.rar
[2008/10/01 16:18:17 | 01,044,480 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Sega Project.fla
[2008/10/01 15:58:43 | 01,381,271 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\133985_rayfrard.mp3
[2008/10/01 15:51:56 | 02,732,951 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\162678_DV_Two_Sided.mp3
[2008/10/01 15:50:11 | 04,331,645 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\169856_DV_The_Days_We_Remember.mp3
[2008/09/30 22:39:02 | 04,891,216 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\Silverlight.2.0.exe
[2008/09/30 21:09:57 | 01,152,235 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ActRaiser 2.7z
[2008/09/30 18:14:43 | 00,173,896 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links Adv Re.swf
[2008/09/30 17:39:38 | 00,045,380 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ootganondorf.png
[2008/09/30 17:21:09 | 00,007,403 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\-577917066Advanced_Vcam.fla.zip
[2008/09/30 16:36:52 | 00,041,860 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Scene 1.swf
[2008/09/30 16:35:15 | 00,000,000 | ---D | C] -- C:\Program Files\Sprite Builder
[2008/09/30 16:34:48 | 00,936,034 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\spritebuildersetup.exe
[2008/09/30 16:29:08 | 08,666,624 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. RE.fla
[2008/09/30 15:44:21 | 02,686,349 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\89111_Ordon_Mix_1.mp3
[2008/09/30 15:42:58 | 00,256,023 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Older link.png
[2008/09/29 19:49:06 | 00,026,598 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Chasing_The_Rainbow.mp3
[2008/09/29 19:48:25 | 00,037,515 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\America - 02 - I Need You.mp3
[2008/09/29 19:05:44 | 00,004,505 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Flash_V--_redesig-10378.zip
[2008/09/29 18:42:56 | 00,084,524 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Duck Tales (U).zip
[2008/09/29 18:22:44 | 00,160,651 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Dick Kids (MC Kids Hack).zip
[2008/09/29 18:22:21 | 00,084,332 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Dick Tracy (U).zip
[2008/09/28 16:38:20 | 00,001,113 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\fs.gif
[2008/09/28 16:21:09 | 01,632,465 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\156593_Windmill_song.mp3
[2008/09/28 16:18:21 | 00,002,204 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\links adv.gif
[2008/09/28 15:58:56 | 00,160,002 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.swf
[2008/09/28 15:22:32 | 00,001,635 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\aos-winged_skeleton.gif
[2008/09/28 14:13:22 | 00,001,944 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_north.gif
[2008/09/28 13:56:34 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Template.fla
[2008/09/28 13:46:04 | 00,001,421 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_battlestance_right.gif
[2008/09/28 13:36:56 | 02,706,620 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\147112_The_Legend_of_Zelda___A_Li.mp3
[2008/09/28 13:32:41 | 03,402,105 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\97234_Epic_but_Lost.mp3
[2008/09/28 13:32:12 | 01,622,851 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\157645_fairy_fountain.mp3
[2008/09/28 13:26:50 | 00,022,696 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\loud_Exp-Ivan-8050_hifi.mp3
[2008/09/28 13:25:47 | 00,008,286 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosio-Public_D-wav-201.zip
[2008/09/28 13:12:48 | 00,026,578 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosion1.gif
[2008/09/28 13:06:47 | 00,416,911 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\173370_random_stuff.mp3
[2008/09/28 13:06:15 | 07,429,141 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\107386_Falling_Farther__Trance_Re.mp3
[2008/09/28 13:04:56 | 03,543,374 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\170276_Burn_The_Skies.mp3
[2008/09/28 12:33:24 | 00,001,404 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_walk_down.gif
[2008/09/28 12:26:11 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_cry_up.gif
[2008/09/28 12:25:49 | 00,001,079 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Marle_happy.gif
[2008/09/28 12:14:13 | 02,841,620 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\138780_Zelda___ALTTP___Town__Rema.mp3
[2008/09/28 12:04:43 | 00,002,087 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_south.gif
[2008/09/28 12:04:28 | 00,002,218 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_west.gif
[2008/09/28 12:04:09 | 00,002,225 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_east.gif
[2008/09/28 11:55:12 | 00,057,933 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LuccasParentsRoom.gif
[2008/09/28 11:41:55 | 00,810,757 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\113801_SDZeta___Forest.mp3
[2008/09/28 11:39:42 | 00,792,367 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\158366_song_of_storms.mp3
[2008/09/28 11:38:13 | 00,047,237 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Part3.swf
[2008/09/28 11:29:13 | 00,010,462 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\museum6.png
[2008/09/27 19:09:34 | 00,277,970 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\links adv.3.swf
[2008/09/27 18:21:49 | 00,070,041 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ng_alternate_preloader.zip
[2008/09/27 18:20:16 | 08,993,574 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv3.swf
[2008/09/27 18:18:11 | 00,268,811 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links ad3.swf
[2008/09/27 17:33:07 | 00,008,321 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AC_RunActiveContent.js
[2008/09/27 17:33:07 | 00,002,011 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.html
[2008/09/27 17:00:26 | 00,001,492 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_shieldA_south.gif
[2008/09/27 16:59:09 | 00,002,160 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkG_walk_south.gif
[2008/09/27 16:49:52 | 00,019,171 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_exploding.gif
[2008/09/27 16:47:41 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGB1_slash_right.gif
[2008/09/27 16:43:02 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_front.gif
[2008/09/27 16:32:12 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_right.gif
[2008/09/27 16:29:03 | 00,003,974 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_rise.gif
[2008/09/27 16:12:13 | 00,040,379 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Explosion2.gif
[2008/09/27 16:08:07 | 00,073,883 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-monsterrider-effect1.png
[2008/09/27 16:06:14 | 00,061,362 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-echoofhero-effect.png
[2008/09/27 15:48:10 | 00,004,288 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_look_left.gif
[2008/09/27 15:33:17 | 00,000,404 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_up.gif
[2008/09/27 15:11:12 | 00,122,827 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\tooltips.zip
[2008/09/27 15:04:30 | 00,001,453 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Test.html
[2008/09/27 15:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\Scripts
[2008/09/27 15:01:07 | 00,371,056 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\afe.zip
[2008/09/27 15:00:59 | 04,574,042 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\advancedae.zip
[2008/09/27 14:49:11 | 00,319,359 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Movie.flv
[2008/09/27 14:48:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\ImTOO Software Studio
[2008/09/27 14:48:09 | 00,548,864 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\prototype.fla
[2008/09/27 14:48:09 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBar.as
[2008/09/27 14:48:09 | 00,000,438 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBox.as
[2008/09/27 14:48:09 | 00,000,309 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ScrollBarEvent.as
[2008/09/27 14:47:36 | 00,477,135 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\oopscroll2.zip
[2008/09/27 14:47:23 | 05,639,009 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\as3preloader.zip
[2008/09/27 14:46:43 | 00,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2008/09/27 14:45:57 | 14,509,928 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\flv-converter-standard-41214.exe
[2008/09/27 14:45:38 | 02,617,323 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Pazera_Free_FLV_to_AVI_Converter.zip
[2008/09/27 14:42:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7(2).zip
[2008/09/27 14:42:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7.zip
[2008/09/27 14:41:25 | 00,178,710 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_8.zip
[2008/09/27 14:21:06 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\OS_bobble_v1.1.fla
[2008/09/27 14:20:10 | 00,055,940 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\saltas.zip
[2008/09/27 13:56:07 | 00,011,335 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.flp
[2008/09/27 13:56:01 | 00,014,520 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\DaveTheGuy.as
[2008/09/27 13:56:01 | 00,003,026 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Wizard.as
[2008/09/27 13:56:01 | 00,002,941 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ClockCounter.as
[2008/09/27 13:56:01 | 00,002,875 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MusicManager.as
[2008/09/27 13:56:01 | 00,002,838 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SoundEffectManager.as
[2008/09/27 13:56:01 | 00,002,688 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\TransitionHold.as
[2008/09/27 13:56:01 | 00,002,571 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Chicken.as
[2008/09/27 13:56:01 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WizardFull.as
[2008/09/27 13:56:01 | 00,001,954 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlat.as
[2008/09/27 13:56:01 | 00,001,070 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SoundHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,001,064 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MusicHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AnimatedObject.as
[2008/09/27 13:56:01 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterElectric.as
[2008/09/27 13:56:01 | 00,000,413 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterEffect.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WaterFallClip.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\CrackEyesClip.as
[2008/09/27 13:56:01 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlatform.as
[2008/09/27 13:56:01 | 00,000,195 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\GuyRunning.as
[2008/09/27 13:56:01 | 00,000,193 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\FaderHold.as
[2008/09/27 13:56:01 | 00,000,191 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\TimerClip.as
[2008/09/27 13:56:01 | 00,000,189 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\AntDust.as
[2008/09/27 13:56:01 | 00,000,183 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Cloudy.as
[2008/09/27 13:56:01 | 00,000,182 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tsicken.as
[2008/09/27 13:56:01 | 00,000,177 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Guy.as
[2008/09/27 13:56:00 | 00,003,042 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\GameData.as
[2008/09/27 13:56:00 | 00,002,865 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MessageWrite.as
[2008/09/27 13:56:00 | 00,002,772 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Gator.as
[2008/09/27 13:56:00 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\WhirlyBolt.as
[2008/09/27 13:56:00 | 00,000,494 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Clip_Start.as
[2008/09/27 13:55:00 | 13,946,880 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.fla
[2008/09/27 13:50:15 | 05,489,088 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\449208_inquisitive_dave.swf
[2008/09/27 13:26:45 | 81,225,728 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. 3.fla
[2008/09/26 19:41:36 | 00,028,081 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\avgn_pic.jpg
[2008/09/26 19:39:59 | 00,061,827 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Street-Fighter-Quotes-1.0(2).plsc
[2008/09/26 19:33:38 | 00,022,537 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MSN_Text_Flooder.zip
[2008/09/26 19:32:09 | 00,013,583 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Msn_spam.zip
[2008/09/26 16:18:07 | 00,260,207 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 6 (U).zip
[2008/09/26 16:17:52 | 00,267,592 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 5 (U).zip
[2008/09/26 16:17:38 | 00,294,825 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 4 (U).zip
[2008/09/26 16:16:58 | 00,223,414 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 3 (U) [!].zip
[2008/09/26 16:16:46 | 00,135,874 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 2 (U).zip
[2008/09/25 18:02:06 | 00,432,694 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\crysis 2.jpg
[2008/09/25 18:01:53 | 00,661,244 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\wallpaper.jpg
[2008/09/25 18:00:34 | 00,372,394 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\123.jpg
[2008/09/24 20:35:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Fallen\My Documents\My Webs
[2008/09/24 20:34:10 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MLA_Template_for_CA_Myth_of_origin.doc
[2008/09/24 20:33:48 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Geography_Creat-A-Myth_Rubric.xls
[2008/09/23 21:21:33 | 00,000,000 | ---D | C] -- C:\Program Files\PrevxCSI
[2008/09/23 21:20:56 | 00,618,040 | ---- | C] (Prevx) -- C:\Documents and Settings\Fallen\My Documents\PREVXCSIFREE.EXE
[2008/09/23 21:19:15 | 49,996,376 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359(2).exe
[2008/09/23 20:57:51 | 00,210,416 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en(2).exe
[2008/09/23 20:42:13 | 07,281,784 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\windows-kb890830-v2.2.exe
[2008/09/23 20:16:01 | 00,007,071 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Free-Stuff.html
[2008/09/23 20:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\images
[2008/09/23 19:45:44 | 01,857,468 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Template.psd
[2008/09/23 19:39:22 | 00,887,904 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\psd_tut1.zip
[2008/09/23 19:04:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/23 19:04:16 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/23 19:04:15 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/23 19:04:15 | 00,352,855 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/23 19:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/09/23 19:01:05 | 00,210,416 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en.exe
[2008/09/23 16:06:39 | 00,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/23 15:55:57 | 00,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 15:55:53 | 00,000,000 | ---D | C] -- C:\ProgramData
[2008/09/23 15:54:39 | 00,868,080 | ---- | C] (Sony DADC Austria AG) -- C:\Documents and Settings\Fallen\My Documents\PAUL(2).DLL
[2008/09/22 20:38:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\HijackThis.lnk
[2008/09/22 20:38:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/22 20:28:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Fallen\My Documents\HJTInstall.exe
[2008/09/22 18:07:39 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\Spybot - Search & Destroy.lnk
[2008/09/22 18:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/09/22 18:04:08 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Fallen\My Documents\spybotsd160.exe
[2008/09/22 17:59:07 | 00,000,928 | ---- | C] () -- C:\Documents and Settings\Fallen\Desktop\Kaspersky Anti-Virus 2009.lnk
[2008/09/21 23:51:19 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/09/21 23:51:19 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/09/21 23:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/09/21 23:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/09/21 23:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/09/21 23:25:44 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Fallen\My Documents\KillBox.exe
[2008/09/21 23:04:54 | 49,996,376 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359.exe
[2008/09/21 21:34:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\My Documents\My Games
[2008/09/21 21:33:01 | 06,153,760 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/21 21:33:01 | 00,540,704 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/09/21 21:33:01 | 00,049,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/21 21:33:01 | 00,002,928 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/09/21 21:30:00 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/21 21:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/21 21:14:43 | 33,138,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Fallen\My Documents\kav8.0.0.454en.exe
[2008/09/21 19:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2008/09/21 19:46:32 | 01,363,514 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\clip0006.avi
[2008/09/21 19:46:05 | 09,678,704 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\clip0005.avi
[2008/09/21 19:43:18 | 03,168,382 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\SopCast.zip
[2008/09/21 19:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\SAV
[2008/09/21 19:15:58 | 04,522,490 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\ashley tisdale - never gonna give you up.mp3
[2008/09/21 18:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2008/09/21 18:11:49 | 00,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis.lnk
[2008/09/21 11:59:08 | 00,198,061 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\001.jpg
[2008/09/20 19:01:32 | 01,315,628 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\DarkWing Duck - Theme.wav
[2008/09/20 19:00:43 | 00,601,744 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\2 Stupid Dogs - Theme.wav
[2008/09/20 18:59:48 | 01,442,348 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\MagicBus - Theme.wav
[2008/09/20 18:58:35 | 01,351,090 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Gargoyles - Theme.wav
[2008/09/20 18:57:02 | 00,635,084 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Cow & Chicken - Theme.wav
[2008/09/20 16:16:06 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Sam and Max.fla
[2008/09/19 19:16:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Application Data\GarageGames
[2008/09/15 19:41:57 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\The Story of Creation.doc
[2008/09/15 18:47:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/15 18:46:32 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/15 18:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/09/15 18:46:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2008/09/15 18:45:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2008/09/15 18:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/09/15 18:39:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Desktop\Microsoft Office
[2008/09/15 15:17:52 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/15 15:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/15 15:17:20 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/15 15:17:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/12 15:42:26 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/09/12 15:41:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/11 23:16:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/11 23:16:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/11 23:13:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/11 23:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/09/11 23:08:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/11 23:07:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/11 21:09:36 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/09/11 21:09:34 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/09/11 21:09:34 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/09/11 21:09:33 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/09/11 21:09:33 | 00,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/09/11 21:09:33 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/09/11 21:09:33 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/09/11 21:09:33 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/09/11 21:09:32 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/09/11 21:09:32 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/09/11 21:09:32 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/09/11 21:09:32 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/09/11 21:09:32 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/09/11 21:09:32 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/09/11 21:09:31 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/09/11 21:09:31 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/09/11 21:09:31 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/09/11 21:09:31 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/09/11 21:09:30 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/09/11 21:09:29 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/11 21:09:29 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/09/11 21:09:29 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/09/11 21:09:29 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/09/11 21:09:29 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/09/11 21:09:29 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/09/11 21:09:29 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/09/11 21:09:29 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/09/11 21:09:29 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/09/11 21:09:29 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/09/11 21:09:29 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/09/11 21:09:24 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/09/11 21:09:24 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/11 21:09:24 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/09/11 21:09:24 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/11 21:09:24 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/09/11 21:09:22 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/11 21:09:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/11 21:09:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/11 21:09:19 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/11 21:09:19 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/11 21:09:18 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/09/11 21:09:18 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/09/11 21:09:18 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/09/11 21:09:18 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/09/11 21:09:18 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/09/11 21:09:18 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/09/11 21:09:16 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/09/11 21:09:16 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/09/11 21:09:16 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/09/11 21:09:16 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/09/11 21:09:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/11 21:09:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/11 21:09:10 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/09/11 21:09:10 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/11 21:09:10 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/09/11 21:09:10 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/09/11 21:09:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/11 21:09:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/11 21:09:04 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/09/11 21:09:03 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/11 21:09:03 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/09/11 21:09:03 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/11 21:09:03 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/11 21:09:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/11 21:09:01 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/11 21:09:00 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/11 21:09:00 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/11 21:08:59 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/11 21:08:58 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/09/11 21:08:58 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/09/11 21:08:58 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/09/11 21:08:58 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/09/11 21:08:58 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/09/11 21:08:58 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/09/11 21:08:58 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/09/11 21:08:58 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/09/11 21:08:58 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/09/11 21:08:58 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/09/11 21:08:58 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/09/11 21:08:58 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/09/11 21:08:58 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/09/11 21:08:58 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/09/11 21:08:58 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/09/11 21:08:58 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/09/11 21:08:55 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/11 21:08:52 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/09/11 21:08:49 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/09/11 21:08:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/09/11 21:08:48 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/11 21:08:47 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/11 21:08:47 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/11 21:08:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/11 21:08:45 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/11 21:08:45 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/11 21:08:43 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/11 21:08:43 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/11 21:08:33 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/09/11 21:08:32 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/09/11 21:08:32 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/09/11 21:08:32 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/09/11 21:08:30 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/11 21:08:30 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/11 21:08:30 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/11 21:08:30 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/11 21:08:27 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/09/11 21:08:17 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/09/11 21:08:17 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/11 21:08:16 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/11 21:08:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/11 21:08:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/11 21:08:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/11 21:08:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/11 21:08:09 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/11 21:08:06 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/11 21:08:06 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/11 21:08:04 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/11 21:08:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/11 21:08:01 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/09/11 21:07:59 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/11 21:07:59 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/11 21:07:59 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/11 21:07:59 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/11 21:07:59 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/11 21:07:59 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/11 21:07:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/11 21:07:59 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/11 21:07:56 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/11 21:07:56 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/11 21:07:56 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/11 21:07:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/11 21:07:56 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/11 21:07:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/11 21:07:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/11 21:07:55 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/09/11 21:07:54 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/11 21:07:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/11 21:07:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/11 21:07:52 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/11 21:07:51 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/09/11 21:07:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/11 21:07:51 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/09/11 21:07:51 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/09/11 21:07:51 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/09/11 21:07:50 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/09/11 21:07:50 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/09/11 21:07:50 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/09/11 21:07:49 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/09/11 21:07:49 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/09/11 21:07:49 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/09/11 21:07:46 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/11 21:07:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/11 21:07:46 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/11 21:07:46 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/11 21:07:46 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/09/11 21:07:45 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/11 21:07:44 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/11 21:07:40 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/11 21:07:39 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/11 21:07:39 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/11 21:07:37 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/11 18:44:13 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/09/10 22:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2008/09/10 20:38:25 | 00,340,772 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Normal Picture.jpg
[2008/09/09 22:00:40 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/09/09 16:56:30 | 11,895,220 | ---- | C] (PortableTurk.com) -- C:\Documents and Settings\Fallen\Desktop\LimeWire PRO 4.18.6.exe
[2008/09/09 16:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Application Data\Thinstall
[2008/09/08 15:49:57 | 00,001,142 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/08 15:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fallen\Local Settings\Application Data\Downloaded Installations
[2008/09/08 15:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2008/09/08 15:32:21 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/09/08 15:32:21 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/09/08 15:32:21 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/09/08 15:32:20 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/09/08 15:32:18 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2008/09/08 15:32:15 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/09/08 15:31:50 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/09/08 15:31:49 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/09/08 15:31:45 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/09/08 15:31:45 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/09/08 15:31:42 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/09/08 15:25:33 | 00,000,000 | ---D | C] -- C:\Program Files\RADVideo
[2008/09/08 15:13:41 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2008/09/08 15:09:24 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System\binkw32.dll
[2008/09/08 15:08:34 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\d3dx9_36.dll
[2008/09/04 17:15:37 | 00,042,581 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.swf
[2008/09/04 17:13:11 | 00,886,784 | ---- | C] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.fla
[2008/09/04 16:35:38 | 00,000,019 | ---- | C] () -- C:\WINDOWS\win96.INI
[2008/09/04 16:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\Super Mario Blue Twilight DX
[2008/09/04 16:21:20 | 00,000,000 | ---D | C] -- C:\Jonny RPG

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Fallen\My Documents\*.tmp files]
[2008/10/04 12:35:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/04 12:00:00 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/10/04 00:04:50 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\Desktop\OTViewIt(2).exe
[2008/10/03 23:56:12 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTMoveIt3(3).exe
[2008/10/03 23:54:06 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTMoveIt3(2).exe
[2008/10/03 23:10:40 | 00,098,684 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\pedo-bear-seal-of-approval.thumbnail.png
[2008/10/03 21:03:38 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 18:52:54 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\Launch VeohTV.lnk
[2008/10/03 18:51:43 | 21,440,208 | ---- | M] (Veoh Networks, Inc. ) -- C:\Documents and Settings\Fallen\My Documents\VeohSetup-3.9.8.1082.exe
[2008/10/03 18:32:20 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\Desktop\OTMoveIt3.exe
[2008/10/03 16:32:03 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\My Sharing Folders.lnk
[2008/10/03 16:22:41 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2008/10/03 16:22:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 16:22:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/03 16:08:28 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fallen\My Documents\OTViewIt.exe
[2008/10/03 15:57:21 | 06,153,760 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/03 15:57:21 | 00,540,704 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/03 15:57:21 | 00,049,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/03 15:57:21 | 00,002,928 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/03 15:48:33 | 00,352,855 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/03 15:48:27 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/02 22:01:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/02 18:12:27 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/10/02 18:03:34 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/02 18:01:32 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/02 17:58:30 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\wmp11-windowsxp-x86-enu.exe
[2008/10/01 20:46:44 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Unorginal!.fla
[2008/10/01 16:44:14 | 00,327,337 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\sonic.rar
[2008/10/01 16:43:53 | 00,037,486 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\alexkidd.rar
[2008/10/01 16:43:16 | 01,044,480 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Sega Project.fla
[2008/10/01 15:58:55 | 01,381,271 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\133985_rayfrard.mp3
[2008/10/01 15:52:17 | 02,732,951 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\162678_DV_Two_Sided.mp3
[2008/10/01 15:50:49 | 04,331,645 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\169856_DV_The_Days_We_Remember.mp3
[2008/10/01 15:05:57 | 08,666,624 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. RE.fla
[2008/10/01 15:04:47 | 00,160,002 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.swf
[2008/09/30 22:56:57 | 02,279,434 | -HS- | M] () -- C:\Documents and Settings\Fallen\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Fallen\My Documents\Thumbs.db:encryptable
[2008/09/30 22:39:22 | 04,891,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\Silverlight.2.0.exe
[2008/09/30 21:10:10 | 01,152,235 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ActRaiser 2.7z
[2008/09/30 18:14:46 | 00,173,896 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links Adv Re.swf
[2008/09/30 17:39:39 | 00,045,380 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ootganondorf.png
[2008/09/30 17:25:48 | 00,041,860 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Scene 1.swf
[2008/09/30 17:21:10 | 00,007,403 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\-577917066Advanced_Vcam.fla.zip
[2008/09/30 16:34:55 | 00,936,034 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\spritebuildersetup.exe
[2008/09/30 15:44:40 | 02,686,349 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\89111_Ordon_Mix_1.mp3
[2008/09/30 15:42:59 | 00,256,023 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Older link.png
[2008/09/29 19:49:06 | 00,026,598 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Chasing_The_Rainbow.mp3
[2008/09/29 19:48:27 | 00,037,515 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\America - 02 - I Need You.mp3
[2008/09/29 19:05:44 | 00,004,505 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Flash_V--_redesig-10378.zip
[2008/09/29 18:42:56 | 00,084,524 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Duck Tales (U).zip
[2008/09/29 18:22:45 | 00,160,651 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Dick Kids (MC Kids Hack).zip
[2008/09/29 18:22:22 | 00,084,332 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Dick Tracy (U).zip
[2008/09/29 16:38:22 | 81,225,728 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv. 3.fla
[2008/09/29 14:12:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/28 16:38:21 | 00,001,113 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\fs.gif
[2008/09/28 16:21:09 | 01,632,465 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\156593_Windmill_song.mp3
[2008/09/28 16:18:23 | 00,002,204 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\links adv.gif
[2008/09/28 16:04:20 | 08,993,574 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv3.swf
[2008/09/28 15:22:33 | 00,001,635 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\aos-winged_skeleton.gif
[2008/09/28 14:13:22 | 00,001,944 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_north.gif
[2008/09/28 13:56:35 | 00,073,216 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Template.fla
[2008/09/28 13:46:04 | 00,001,421 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_battlestance_right.gif
[2008/09/28 13:37:01 | 02,706,620 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\147112_The_Legend_of_Zelda___A_Li.mp3
[2008/09/28 13:32:50 | 03,402,105 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\97234_Epic_but_Lost.mp3
[2008/09/28 13:32:14 | 01,622,851 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\157645_fairy_fountain.mp3
[2008/09/28 13:26:51 | 00,022,696 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\loud_Exp-Ivan-8050_hifi.mp3
[2008/09/28 13:25:47 | 00,008,286 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosio-Public_D-wav-201.zip
[2008/09/28 13:12:48 | 00,026,578 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosion1.gif
[2008/09/28 13:06:47 | 00,416,911 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\173370_random_stuff.mp3
[2008/09/28 13:06:35 | 07,429,141 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\107386_Falling_Farther__Trance_Re.mp3
[2008/09/28 13:05:05 | 03,543,374 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\170276_Burn_The_Skies.mp3
[2008/09/28 12:33:24 | 00,001,404 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_walk_down.gif
[2008/09/28 12:26:11 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_cry_up.gif
[2008/09/28 12:25:49 | 00,001,079 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Marle_happy.gif
[2008/09/28 12:14:22 | 02,841,620 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\138780_Zelda___ALTTP___Town__Rema.mp3
[2008/09/28 12:04:43 | 00,002,087 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_south.gif
[2008/09/28 12:04:28 | 00,002,218 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_west.gif
[2008/09/28 12:04:09 | 00,002,225 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_walk_east.gif
[2008/09/28 11:55:12 | 00,057,933 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LuccasParentsRoom.gif
[2008/09/28 11:52:11 | 00,047,237 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv_Part3.swf
[2008/09/28 11:41:55 | 00,810,757 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\113801_SDZeta___Forest.mp3
[2008/09/28 11:39:42 | 00,792,367 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\158366_song_of_storms.mp3
[2008/09/28 11:29:14 | 00,010,462 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\museum6.png
[2008/09/27 19:09:37 | 00,277,970 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\links adv.3.swf
[2008/09/27 18:21:49 | 00,070,041 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ng_alternate_preloader.zip
[2008/09/27 18:18:19 | 00,268,811 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links ad3.swf
[2008/09/27 17:33:07 | 00,002,011 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Links adv.html
[2008/09/27 17:00:26 | 00,001,492 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkA_shieldA_south.gif
[2008/09/27 16:59:10 | 00,002,160 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkG_walk_south.gif
[2008/09/27 16:49:52 | 00,019,171 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_exploding.gif
[2008/09/27 16:47:41 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGB1_slash_right.gif
[2008/09/27 16:43:03 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_front.gif
[2008/09/27 16:32:12 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\LinkGN_walk_right.gif
[2008/09/27 16:29:04 | 00,003,974 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ZombieMale_rise.gif
[2008/09/27 16:12:13 | 00,040,379 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Explosion2.gif
[2008/09/27 16:08:07 | 00,073,883 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-monsterrider-effect1.png
[2008/09/27 16:06:14 | 00,061,362 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\animation-skill-echoofhero-effect.png
[2008/09/27 15:48:10 | 00,004,288 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_look_left.gif
[2008/09/27 15:33:18 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WeakGreenSoldier_up.gif
[2008/09/27 15:11:12 | 00,122,827 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\tooltips.zip
[2008/09/27 15:07:32 | 00,001,365 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\index.html
[2008/09/27 15:04:30 | 00,001,453 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Test.html
[2008/09/27 15:01:07 | 00,371,056 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\afe.zip
[2008/09/27 15:01:06 | 04,574,042 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\advancedae.zip
[2008/09/27 14:49:13 | 00,319,359 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Movie.flv
[2008/09/27 14:47:37 | 00,477,135 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\oopscroll2.zip
[2008/09/27 14:47:33 | 05,639,009 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\as3preloader.zip
[2008/09/27 14:46:24 | 14,509,928 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\flv-converter-standard-41214.exe
[2008/09/27 14:45:50 | 02,617,323 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Pazera_Free_FLV_to_AVI_Converter.zip
[2008/09/27 14:42:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7(2).zip
[2008/09/27 14:42:29 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_7.zip
[2008/09/27 14:41:25 | 00,178,710 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\video_basics_8.zip
[2008/09/27 14:21:06 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\OS_bobble_v1.1.fla
[2008/09/27 14:20:11 | 00,055,940 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\saltas.zip
[2008/09/27 13:56:07 | 13,946,880 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.fla
[2008/09/27 13:56:07 | 00,011,335 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\~449208_inquisitive_dave.flp
[2008/09/27 13:56:01 | 00,014,520 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\DaveTheGuy.as
[2008/09/27 13:56:01 | 00,003,026 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Wizard.as
[2008/09/27 13:56:01 | 00,002,941 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ClockCounter.as
[2008/09/27 13:56:01 | 00,002,875 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MusicManager.as
[2008/09/27 13:56:01 | 00,002,838 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SoundEffectManager.as
[2008/09/27 13:56:01 | 00,002,688 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\TransitionHold.as
[2008/09/27 13:56:01 | 00,002,571 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Chicken.as
[2008/09/27 13:56:01 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WizardFull.as
[2008/09/27 13:56:01 | 00,001,954 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlat.as
[2008/09/27 13:56:01 | 00,001,070 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SoundHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,001,064 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MusicHolderFirstLevel.as
[2008/09/27 13:56:01 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\AnimatedObject.as
[2008/09/27 13:56:01 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterElectric.as
[2008/09/27 13:56:01 | 00,000,413 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterEffect.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WaterFallClip.as
[2008/09/27 13:56:01 | 00,000,201 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\CrackEyesClip.as
[2008/09/27 13:56:01 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FloatyPlatform.as
[2008/09/27 13:56:01 | 00,000,195 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\GuyRunning.as
[2008/09/27 13:56:01 | 00,000,193 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\FaderHold.as
[2008/09/27 13:56:01 | 00,000,191 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\TimerClip.as
[2008/09/27 13:56:01 | 00,000,189 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\AntDust.as
[2008/09/27 13:56:01 | 00,000,183 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Cloudy.as
[2008/09/27 13:56:01 | 00,000,182 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tsicken.as
[2008/09/27 13:56:01 | 00,000,177 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Guy.as
[2008/09/27 13:56:00 | 00,022,013 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\NewgroundsAPI.as
[2008/09/27 13:56:00 | 00,003,042 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\GameData.as
[2008/09/27 13:56:00 | 00,002,865 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MessageWrite.as
[2008/09/27 13:56:00 | 00,002,772 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Gator.as
[2008/09/27 13:56:00 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\WhirlyBolt.as
[2008/09/27 13:56:00 | 00,000,494 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Clip_Start.as
[2008/09/27 13:50:16 | 05,489,088 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\449208_inquisitive_dave.swf
[2008/09/26 19:41:36 | 00,028,081 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\avgn_pic.jpg
[2008/09/26 19:39:59 | 00,061,827 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Street-Fighter-Quotes-1.0(2).plsc
[2008/09/26 19:33:38 | 00,022,537 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MSN_Text_Flooder.zip
[2008/09/26 19:32:10 | 00,013,583 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Msn_spam.zip
[2008/09/26 16:18:07 | 00,260,207 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 6 (U).zip
[2008/09/26 16:17:52 | 00,267,592 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 5 (U).zip
[2008/09/26 16:17:38 | 00,294,825 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 4 (U).zip
[2008/09/26 16:16:58 | 00,223,414 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 3 (U) [!].zip
[2008/09/26 16:16:46 | 00,135,874 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Mega Man 2 (U).zip
[2008/09/25 18:02:06 | 00,432,694 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\crysis 2.jpg
[2008/09/25 18:01:53 | 00,661,244 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\wallpaper.jpg
[2008/09/25 18:00:35 | 00,372,394 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\123.jpg
[2008/09/24 20:34:10 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MLA_Template_for_CA_Myth_of_origin.doc
[2008/09/24 20:33:48 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Geography_Creat-A-Myth_Rubric.xls
[2008/09/23 21:21:46 | 49,996,376 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359(2).exe
[2008/09/23 21:20:59 | 00,618,040 | ---- | M] (Prevx) -- C:\Documents and Settings\Fallen\My Documents\PREVXCSIFREE.EXE
[2008/09/23 20:57:51 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en(2).exe
[2008/09/23 20:42:27 | 07,281,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fallen\My Documents\windows-kb890830-v2.2.exe
[2008/09/23 20:23:33 | 00,007,071 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Free-Stuff.html
[2008/09/23 20:00:13 | 01,857,468 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Template.psd
[2008/09/23 19:39:22 | 00,887,904 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\psd_tut1.zip
[2008/09/23 19:01:05 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\zaSetup_en.exe
[2008/09/23 16:11:30 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2008/09/23 16:06:39 | 00,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis WARHEAD.lnk
[2008/09/23 15:55:57 | 00,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 15:55:33 | 00,001,142 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/23 15:54:39 | 00,868,080 | ---- | M] (Sony DADC Austria AG) -- C:\Documents and Settings\Fallen\My Documents\PAUL(2).DLL
[2008/09/22 20:38:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\HijackThis.lnk
[2008/09/22 20:28:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Fallen\My Documents\HJTInstall.exe
[2008/09/22 18:07:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\Spybot - Search & Destroy.lnk
[2008/09/22 18:06:13 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Fallen\My Documents\spybotsd160.exe
[2008/09/22 16:58:44 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/09/21 23:51:19 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/09/21 23:51:15 | 00,000,928 | ---- | M] () -- C:\Documents and Settings\Fallen\Desktop\Kaspersky Anti-Virus 2009.lnk
[2008/09/21 23:48:37 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/21 23:25:45 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Fallen\My Documents\KillBox.exe
[2008/09/21 23:16:53 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2008/09/21 23:09:12 | 49,996,376 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fallen\My Documents\avg_free_stf_en_8_169a1359.exe
[2008/09/21 23:00:47 | 00,000,135 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\New
[2008/09/21 22:26:50 | 01,474,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/21 21:17:34 | 33,138,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Fallen\My Documents\kav8.0.0.454en.exe
[2008/09/21 19:46:35 | 01,363,514 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\clip0006.avi
[2008/09/21 19:46:30 | 09,678,704 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\clip0005.avi
[2008/09/21 19:43:54 | 03,168,382 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\SopCast.zip
[2008/09/21 19:16:12 | 04,522,490 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\ashley tisdale - never gonna give you up.mp3
[2008/09/21 19:04:34 | 00,039,744 | ---- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/21 18:12:48 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/21 18:12:42 | 00,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/09/21 18:11:49 | 00,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis.lnk
[2008/09/21 11:59:09 | 00,198,061 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\001.jpg
[2008/09/21 00:08:44 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\sdd.hls
[2008/09/20 19:01:47 | 01,315,628 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\DarkWing Duck - Theme.wav
[2008/09/20 19:00:57 | 00,601,744 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\2 Stupid Dogs - Theme.wav
[2008/09/20 19:00:00 | 01,442,348 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\MagicBus - Theme.wav
[2008/09/20 18:58:59 | 01,351,090 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Gargoyles - Theme.wav
[2008/09/20 18:58:10 | 00,635,084 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Cow & Chicken - Theme.wav
[2008/09/20 16:16:07 | 00,075,264 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Sam and Max.fla
[2008/09/18 23:14:33 | 06,167,552 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\movie 2.fla
[2008/09/15 19:42:05 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\The Story of Creation.doc
[2008/09/15 18:47:41 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/09/15 18:46:33 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/15 15:17:52 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/09/14 14:11:39 | 03,709,286 | -H-- | M] () -- C:\Documents and Settings\Fallen\Local Settings\Application Data\IconCache.db
[2008/09/12 15:44:00 | 00,433,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/12 15:44:00 | 00,067,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/12 15:43:59 | 00,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/12 15:42:50 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Fallen\My Documents\desktop.ini
[2008/09/12 15:42:41 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/11 23:11:20 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/11 18:44:13 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/09/10 20:38:26 | 00,340,772 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Normal Picture.jpg
[2008/09/06 13:32:58 | 11,895,220 | ---- | M] (PortableTurk.com) -- C:\Documents and Settings\Fallen\Desktop\LimeWire PRO 4.18.6.exe
[2008/09/06 12:50:50 | 00,000,019 | ---- | M] () -- C:\WINDOWS\win96.INI
[2008/09/04 17:22:17 | 00,886,784 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.fla
[2008/09/04 17:21:45 | 00,042,581 | ---- | M] () -- C:\Documents and Settings\Fallen\My Documents\Tom green.swf
< End of report >

Edited by FallenAnzel, 04 October 2008 - 03:02 PM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:50 PM

Posted 04 October 2008 - 03:27 PM

Hello, FallenAnzel.
Well.. don't know where the killbox log came from...
Can you post the OTMoveIt3 report please?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 FallenAnzel

Posted 04 October 2008 - 03:28 PM

Hello, FallenAnzel.
Well.. don't know where the killbox log came from...
Can you post the OTMoveIt3 report please?

Billy3


That is all I can find in that file.

#8 Billy O'Neal

Posted 04 October 2008 - 03:31 PM

Hello, FallenAnzel.
The report should have popped up after the OTMoveIt instructions above. Let's try this again... (Just wondering how 'cause I haven't seen KillBox used in months....)

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\XDva090.sys
    c:\program files\premieropinion
    C:\WINDOWS\system32\tuvWmlMG
    C:\!KillBox
    :services
    XDva090
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE8929-CC5F-48F5-9626-8359BCCB7CBE}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{{C14E6230-757D-4246-81CE-B34E2940C722}]
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"=-
    "AVG7_Run"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqNDVmj]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{C14E6230-757D-4246-81CE-B34E2940C722}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log

Billy3

Edited by Billy O'Neal, 04 October 2008 - 03:31 PM.


#9 FallenAnzel

Posted 04 October 2008 - 07:22 PM

I start the program, move the files, and then it freezes.
When I go to the folder you tell me to, there are other folders with a bunch of numbers on them, but they are all empty.

#10 Billy O'Neal

Posted 04 October 2008 - 08:32 PM

Hello, FallenAnzel.
Alright then. Time to pull out some bigger guns :D

We need to run ComboFix.

In your next reply, please include the following:
  • ComboFix.txt

Billy3

#11 FallenAnzel

Posted 04 October 2008 - 10:06 PM

ComboFix 08-10-04.07 - Fallen 2008-10-04 19:51:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.474 [GMT -7:00]
Running from: C:\Documents and Settings\Fallen\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Fallen\Application Data\.#
C:\Documents and Settings\Fallen\Cookies\fallen@live[2].txt
C:\Documents and Settings\Fallen\My Documents\My Music\My Music.url
C:\Program Files\SAV
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\BMbf4ef0e7.txt
C:\WINDOWS\BMbf4ef0e7.xml
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\msssc.dll
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-04 17:21 . 2008-10-04 17:21 3,072 --ahs---- C:\Thumbs.db
2008-10-04 00:02 . 2008-10-04 01:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-03 18:52 . 2008-10-03 18:52 <DIR> d-------- C:\Program Files\Veoh Networks
2008-10-03 18:52 . 2008-10-03 18:52 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\Bitdefender
2008-10-03 18:32 . 2008-10-03 18:32 <DIR> d-------- C:\_OTMoveIt
2008-10-03 15:54 . 2008-10-03 15:56 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-02 18:27 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-10-02 18:03 . 2008-10-03 15:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-02 18:01 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-30 16:35 . 2008-10-03 15:55 <DIR> d-------- C:\Program Files\Sprite Builder
2008-09-28 23:14 . 2008-09-28 23:14 307,200 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-09-27 14:46 . 2008-09-27 14:46 <DIR> d-------- C:\Program Files\ImTOO
2008-09-23 21:21 . 2008-10-03 15:56 <DIR> d-------- C:\Program Files\PrevxCSI
2008-09-23 19:04 . 2008-10-03 15:56 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-09-23 19:04 . 2008-09-23 19:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-23 19:04 . 2008-10-03 15:48 352,855 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-09-23 19:03 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-23 15:55 . 2008-09-23 15:55 <DIR> d-------- C:\ProgramData
2008-09-22 20:38 . 2008-09-22 20:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 18:07 . 2008-09-22 18:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-21 23:51 . 2008-09-22 16:58 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-21 23:51 . 2008-09-21 23:51 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-21 23:50 . 2008-09-21 23:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-21 23:50 . 2008-09-23 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-21 23:50 . 2008-09-21 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-21 21:33 . 2008-10-03 15:57 6,153,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-21 21:33 . 2008-10-03 15:57 540,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-21 21:33 . 2008-10-03 15:57 49,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-21 21:33 . 2008-10-03 15:57 2,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-21 21:18 . 2008-09-21 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-21 19:58 . 2008-09-21 19:59 <DIR> d-------- C:\Program Files\SopCast
2008-09-21 18:26 . 2008-09-21 18:26 <DIR> d-------- C:\Program Files\GameSpy
2008-09-19 19:16 . 2008-09-19 19:16 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\GarageGames
2008-09-15 18:47 . 2008-09-15 18:47 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-15 18:46 . 2008-09-15 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-15 18:45 . 2008-09-15 18:46 <DIR> d-------- C:\WINDOWS\ShellNew
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Program Files\iTunes
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Program Files\iPod
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 15:42 . 2008-04-13 17:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-11 23:13 . 2008-09-11 23:17 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-11 23:07 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\EHome
2008-09-11 21:08 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-11 21:07 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-10 22:01 . 2008-09-10 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-09-09 22:00 . 2008-10-02 22:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\Thinstall
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Atalay\Belgelerim
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Atalay
2008-09-08 15:49 . 2008-09-23 15:55 1,142 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-08 15:32 . 2008-09-08 15:32 <DIR> d-------- C:\Program Files\EA Games
2008-09-08 15:32 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-09-08 15:32 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-08 15:32 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-09-08 15:32 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-09-08 15:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-09-08 15:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-09-08 15:31 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-09-08 15:31 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-09-08 15:31 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-09-08 15:31 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-09-08 15:31 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-09-08 15:25 . 2008-09-08 15:25 <DIR> d-------- C:\Program Files\RADVideo
2008-09-08 15:13 . 2000-07-31 13:28 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2008-09-08 15:09 . 2000-07-31 13:28 286,208 --a------ C:\WINDOWS\system\binkw32.dll
2008-09-08 15:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system\d3dx9_36.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 15:05 . 2008-09-06 15:05 <DIR> d-------- C:\Documents and Settings\Fallen\Local Setting
2008-09-06 14:30 . 2008-09-06 14:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 03:00 --------- d-----w C:\Documents and Settings\Fallen\Application Data\BitTorrent
2008-10-05 02:59 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-05 02:59 --------- d-----w C:\Program Files\Steam
2008-10-05 02:59 --------- d-----w C:\Program Files\ScreenshotCaptor
2008-10-05 02:17 --------- d-----w C:\Documents and Settings\Fallen\Application Data\LimeWire
2008-10-04 01:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 22:55 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-28 22:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-28 00:54 --------- d-----w C:\Program Files\CamStudio
2008-09-23 22:55 --------- d-----w C:\Program Files\Electronic Arts
2008-09-23 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 23:42 --------- d-----w C:\Program Files\PremierOpinion
2008-09-22 06:17 --------- d-----w C:\Program Files\FlashGet
2008-09-22 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-22 02:36 --------- d-----w C:\Documents and Settings\Fallen\Application Data\AVG7
2008-09-22 01:12 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-22 01:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-21 18:29 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-21 18:01 --------- d-----w C:\Program Files\Google
2008-09-15 22:16 --------- d-----w C:\Program Files\QuickTime
2008-09-15 22:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 22:11 --------- d-----w C:\Program Files\Bonjour
2008-09-06 21:30 --------- d-----w C:\Program Files\Java
2008-09-06 19:47 --------- d-----w C:\Program Files\Super Mario Blue Twilight DX
2008-09-04 02:32 --------- d-----w C:\Program Files\Camtech
2008-09-02 04:27 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-02 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BCR
2008-09-02 04:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 04:23 --------- d-----w C:\Program Files\AGEIA Technologies
2008-09-02 04:21 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-09-02 04:21 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-02 04:21 --------- d-----w C:\Program Files\OpenAL
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 01:25 --------- d-----w C:\Program Files\DivX
2008-08-24 18:32 --------- d-----w C:\Program Files\Cave Story Deluxe
2008-08-24 02:08 952 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-24 02:08 88 --sh--r C:\Documents and Settings\All Users\Application Data\5E2B651015.sys
2008-08-24 01:10 --------- d-----w C:\Program Files\Enterbrain
2008-08-24 00:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-16 02:34 --------- d-----w C:\Documents and Settings\Fallen\Application Data\Apple Computer
2008-08-15 23:27 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 17:00 --------- d-----w C:\Program Files\The Specialists
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-13 02:58 --------- d-----w C:\Program Files\Project64 1.6
2008-08-13 00:08 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-08-12 03:59 --------- d-----w C:\Program Files\SilverAge Software
2008-08-11 04:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-11 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-11 04:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-09 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 21:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-08 02:43 --------- d-----w C:\Program Files\SysMetrix
2008-08-07 08:27 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-30 03:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-22 00:45 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 04:02 0 ---ha-w C:\Documents and Settings\Fallen\jagex_runescape_preferences.dat
2008-07-08 06:41 22,328 ---ha-w C:\Documents and Settings\Fallen\Application Data\PnkBstrK.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
1995-05-28 17:11 19,456 ---ha-w C:\Documents and Settings\Fallen\QUESTW.EXE
1995-03-26 01:03 228,016 ---ha-w C:\Documents and Settings\Fallen\SMALPLAY.EXE
1995-03-25 20:18 15,616 ---ha-w C:\Documents and Settings\Fallen\WINPLAY.EXE
1995-01-01 04:27 572,928 ---ha-w C:\Documents and Settings\Fallen\AB.EXE
1995-01-01 04:24 134,400 ---ha-w C:\Documents and Settings\Fallen\ABDC.EXE
1995-01-01 04:17 58,986 ---ha-w C:\Documents and Settings\Fallen\AB.DAT
1994-10-19 07:13 90,608 ---ha-w C:\Documents and Settings\Fallen\ABLINK.EXE
1994-06-10 04:49 250,624 ---ha-w C:\Documents and Settings\Fallen\PLAY.EXE
1994-06-10 04:47 250,624 ---ha-w C:\Documents and Settings\Fallen\ABDEBUG.EXE
1994-06-03 06:44 200,960 ---ha-w C:\Documents and Settings\Fallen\ABMAKE.EXE
1994-06-01 04:40 143,104 ---ha-w C:\Documents and Settings\Fallen\ABCOM.EXE
1994-01-03 05:19 67,584 ---ha-w C:\Documents and Settings\Fallen\ABLIB.EXE
1992-10-27 14:00 85,998 ---ha-w C:\Documents and Settings\Fallen\RTM.EXE
2008-04-15 21:35 277,891 --sha-w C:\WINDOWS\system32\GMlmWvut.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-14 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2008-08-24 1271032]
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" [2007-10-07 6422016]
"BitTorrent"="C:\Program Files\BitTorrent\BitTorrent.exe" [2008-02-27 587568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\Fallen\Start Menu\Programs\Startup\
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe"
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 27776]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-06 147456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S2 gupdate1c912e355531d1a;Google Update Service (gupdate1c912e355531d1a);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 355584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}]
\Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "client.tc"
\Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\mount\command - H:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "client.tc"
\Shell\open\command - H:\TrueCrypt\TrueCrypt.exe /e /m rm /v "client.tc"
.
Contents of the 'Scheduled Tasks' folder

2008-10-05 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-06 13:11]

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Fallen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 13:11]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Fallen\Application Data\Mozilla\Firefox\Profiles\siqmc9yh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
FF -: plugin - C:\Documents and Settings\Fallen\Application Data\Mozilla\Firefox\Profiles\siqmc9yh.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - C:\Documents and Settings\Fallen\Application Data\Mozilla\Firefox\Profiles\siqmc9yh.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF -: plugin - C:\Documents and Settings\Fallen\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 19:59:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\drivers\WtSrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-10-04 20:06:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 03:06:02

Pre-Run: 12,344,385,536 bytes free
Post-Run: 12,472,266,752 bytes free

330 --- E O F --- 2008-09-18 05:03:26

#12 Billy O'Neal

Posted 04 October 2008 - 10:25 PM

Hello, FallenAnzel.
When you run ComboFix this time it should ask to upload a file. Please follow the onscreen instructions when it attempts to do so.

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/170885/bad-viruss/
    
    suspect::[54]
    C:\Documents and Settings\Fallen\QUESTW.EXE
    C:\Documents and Settings\Fallen\SMALPLAY.EXE
    C:\Documents and Settings\Fallen\WINPLAY.EXE
    C:\Documents and Settings\Fallen\AB.EXE
    C:\Documents and Settings\Fallen\ABDC.EXE
    C:\Documents and Settings\Fallen\AB.DAT
    C:\Documents and Settings\Fallen\ABLINK.EXE
    C:\Documents and Settings\Fallen\PLAY.EXE
    C:\Documents and Settings\Fallen\ABDEBUG.EXE
    C:\Documents and Settings\Fallen\ABMAKE.EXE
    C:\Documents and Settings\Fallen\ABCOM.EXE
    C:\Documents and Settings\Fallen\ABLIB.EXE
    C:\Documents and Settings\Fallen\RTM.EXE
    
    file::
    C:\WINDOWS\system32\GMlmWvut.ini2
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3

#13 FallenAnzel

Posted 04 October 2008 - 10:38 PM

ComboFix 08-10-04.07 - Fallen 2008-10-04 20:33:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.637 [GMT -7:00]
Running from: C:\Documents and Settings\Fallen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fallen\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\GMlmWvut.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\GMlmWvut.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-04 17:21 . 2008-10-04 17:21 3,072 --ahs---- C:\Thumbs.db
2008-10-04 00:02 . 2008-10-04 01:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-03 18:52 . 2008-10-03 18:52 <DIR> d-------- C:\Program Files\Veoh Networks
2008-10-03 18:52 . 2008-10-03 18:52 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\Bitdefender
2008-10-03 18:32 . 2008-10-03 18:32 <DIR> d-------- C:\_OTMoveIt
2008-10-03 15:54 . 2008-10-03 15:56 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-02 18:27 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-10-02 18:03 . 2008-10-03 15:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-02 18:01 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-30 16:35 . 2008-10-03 15:55 <DIR> d-------- C:\Program Files\Sprite Builder
2008-09-28 23:14 . 2008-09-28 23:14 307,200 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-09-27 14:46 . 2008-09-27 14:46 <DIR> d-------- C:\Program Files\ImTOO
2008-09-23 21:21 . 2008-10-03 15:56 <DIR> d-------- C:\Program Files\PrevxCSI
2008-09-23 19:04 . 2008-10-03 15:56 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-09-23 19:04 . 2008-09-23 19:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-23 19:04 . 2008-10-03 15:48 352,855 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-09-23 19:03 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-23 15:55 . 2008-09-23 15:55 <DIR> d-------- C:\ProgramData
2008-09-22 20:38 . 2008-09-22 20:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 18:07 . 2008-09-22 18:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-21 23:51 . 2008-09-22 16:58 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-21 23:51 . 2008-09-21 23:51 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-21 23:50 . 2008-09-21 23:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-21 23:50 . 2008-09-23 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-21 23:50 . 2008-09-21 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-21 21:33 . 2008-10-03 15:57 6,153,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-21 21:33 . 2008-10-03 15:57 540,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-21 21:33 . 2008-10-03 15:57 49,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-21 21:33 . 2008-10-03 15:57 2,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-21 21:18 . 2008-09-21 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-21 19:58 . 2008-09-21 19:59 <DIR> d-------- C:\Program Files\SopCast
2008-09-21 18:26 . 2008-09-21 18:26 <DIR> d-------- C:\Program Files\GameSpy
2008-09-19 19:16 . 2008-09-19 19:16 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\GarageGames
2008-09-15 18:47 . 2008-09-15 18:47 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-15 18:46 . 2008-09-15 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-15 18:45 . 2008-09-15 18:46 <DIR> d-------- C:\WINDOWS\ShellNew
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Program Files\iTunes
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Program Files\iPod
2008-09-15 15:17 . 2008-09-15 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 15:42 . 2008-04-13 17:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-11 23:16 . 2008-09-11 23:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-11 23:13 . 2008-09-11 23:17 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-11 23:07 . 2008-10-03 15:55 <DIR> d-------- C:\WINDOWS\EHome
2008-09-11 21:08 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-11 21:07 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-10 22:01 . 2008-09-10 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-09-09 22:00 . 2008-10-02 22:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Fallen\Application Data\Thinstall
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Atalay\Belgelerim
2008-09-09 16:56 . 2008-09-09 16:56 <DIR> d-------- C:\Documents and Settings\Atalay
2008-09-08 15:49 . 2008-09-23 15:55 1,142 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-08 15:32 . 2008-09-08 15:32 <DIR> d-------- C:\Program Files\EA Games
2008-09-08 15:32 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-09-08 15:32 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-08 15:32 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-09-08 15:32 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-09-08 15:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-09-08 15:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-09-08 15:31 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-09-08 15:31 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-09-08 15:31 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-09-08 15:31 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-09-08 15:31 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-09-08 15:25 . 2008-09-08 15:25 <DIR> d-------- C:\Program Files\RADVideo
2008-09-08 15:13 . 2000-07-31 13:28 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2008-09-08 15:09 . 2000-07-31 13:28 286,208 --a------ C:\WINDOWS\system\binkw32.dll
2008-09-08 15:08 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system\d3dx9_36.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 15:05 . 2008-09-06 15:05 <DIR> d-------- C:\Documents and Settings\Fallen\Local Setting
2008-09-06 14:30 . 2008-09-06 14:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 03:30 --------- d-----w C:\Documents and Settings\Fallen\Application Data\LimeWire
2008-10-05 03:00 --------- d-----w C:\Documents and Settings\Fallen\Application Data\BitTorrent
2008-10-05 02:59 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-05 02:59 --------- d-----w C:\Program Files\Steam
2008-10-05 02:59 --------- d-----w C:\Program Files\ScreenshotCaptor
2008-10-04 01:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 22:55 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-28 22:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-28 00:54 --------- d-----w C:\Program Files\CamStudio
2008-09-23 22:55 --------- d-----w C:\Program Files\Electronic Arts
2008-09-23 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 23:42 --------- d-----w C:\Program Files\PremierOpinion
2008-09-22 06:17 --------- d-----w C:\Program Files\FlashGet
2008-09-22 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-22 02:36 --------- d-----w C:\Documents and Settings\Fallen\Application Data\AVG7
2008-09-22 01:12 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-22 01:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-21 18:29 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-21 18:01 --------- d-----w C:\Program Files\Google
2008-09-15 22:16 --------- d-----w C:\Program Files\QuickTime
2008-09-15 22:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 22:11 --------- d-----w C:\Program Files\Bonjour
2008-09-06 21:30 --------- d-----w C:\Program Files\Java
2008-09-06 19:47 --------- d-----w C:\Program Files\Super Mario Blue Twilight DX
2008-09-04 02:32 --------- d-----w C:\Program Files\Camtech
2008-09-02 04:27 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-02 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BCR
2008-09-02 04:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 04:23 --------- d-----w C:\Program Files\AGEIA Technologies
2008-09-02 04:21 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-09-02 04:21 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-02 04:21 --------- d-----w C:\Program Files\OpenAL
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 01:25 --------- d-----w C:\Program Files\DivX
2008-08-24 18:32 --------- d-----w C:\Program Files\Cave Story Deluxe
2008-08-24 02:08 952 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-24 02:08 88 --sh--r C:\Documents and Settings\All Users\Application Data\5E2B651015.sys
2008-08-24 01:10 --------- d-----w C:\Program Files\Enterbrain
2008-08-24 00:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-16 02:34 --------- d-----w C:\Documents and Settings\Fallen\Application Data\Apple Computer
2008-08-15 23:27 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 17:00 --------- d-----w C:\Program Files\The Specialists
2008-08-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-13 02:58 --------- d-----w C:\Program Files\Project64 1.6
2008-08-13 00:08 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-08-12 03:59 --------- d-----w C:\Program Files\SilverAge Software
2008-08-11 04:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-11 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-11 04:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-09 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 21:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-08 02:43 --------- d-----w C:\Program Files\SysMetrix
2008-08-07 08:27 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-30 03:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-22 00:45 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 04:02 0 ---ha-w C:\Documents and Settings\Fallen\jagex_runescape_preferences.dat
2008-07-08 06:41 22,328 ---ha-w C:\Documents and Settings\Fallen\Application Data\PnkBstrK.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
1995-05-28 17:11 19,456 ---ha-w C:\Documents and Settings\Fallen\QUESTW.EXE
1995-03-26 01:03 228,016 ---ha-w C:\Documents and Settings\Fallen\SMALPLAY.EXE
1995-03-25 20:18 15,616 ---ha-w C:\Documents and Settings\Fallen\WINPLAY.EXE
1995-01-01 04:27 572,928 ---ha-w C:\Documents and Settings\Fallen\AB.EXE
1995-01-01 04:24 134,400 ---ha-w C:\Documents and Settings\Fallen\ABDC.EXE
1995-01-01 04:17 58,986 ---ha-w C:\Documents and Settings\Fallen\AB.DAT
1994-10-19 07:13 90,608 ---ha-w C:\Documents and Settings\Fallen\ABLINK.EXE
1994-06-10 04:49 250,624 ---ha-w C:\Documents and Settings\Fallen\PLAY.EXE
1994-06-10 04:47 250,624 ---ha-w C:\Documents and Settings\Fallen\ABDEBUG.EXE
1994-06-03 06:44 200,960 ---ha-w C:\Documents and Settings\Fallen\ABMAKE.EXE
1994-06-01 04:40 143,104 ---ha-w C:\Documents and Settings\Fallen\ABCOM.EXE
1994-01-03 05:19 67,584 ---ha-w C:\Documents and Settings\Fallen\ABLIB.EXE
1992-10-27 14:00 85,998 ---ha-w C:\Documents and Settings\Fallen\RTM.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-14 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2008-08-24 1271032]
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" [2007-10-07 6422016]
"BitTorrent"="C:\Program Files\BitTorrent\BitTorrent.exe" [2008-02-27 587568]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\Fallen\Start Menu\Programs\Startup\
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe"
"Screenshot Captor"="C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 27776]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-06 147456]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S2 gupdate1c912e355531d1a;Google Update Service (gupdate1c912e355531d1a);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 355584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1781cd42-10c4-11dd-ab9b-000d726a57e2}]
\Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "client.tc"
\Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\mount\command - H:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "client.tc"
\Shell\open\command - H:\TrueCrypt\TrueCrypt.exe /e /m rm /v "client.tc"

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP111
.
Contents of the 'Scheduled Tasks' folder

2008-10-05 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-06 13:11]

2008-10-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Fallen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 13:11]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 20:34:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-04 20:36:18
ComboFix-quarantined-files.txt 2008-10-05 03:35:37
ComboFix2.txt 2008-10-05 03:06:12

Pre-Run: 12,496,097,280 bytes free
Post-Run: 12,474,982,400 bytes free

275 --- E O F --- 2008-09-18 05:03:26

#14 Billy O'Neal

Posted 05 October 2008 - 09:22 AM

Hello, FallenAnzel.
Hmm.. didn't seem to work. Trying to get a sample of this because it looks new....

Not 100% positive these are malware so I want to get them checked out before deletion ;)

We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/170885/bad-viruss/
  • Where it says "Browse to the file you want to submit", copy and paste in
    C:\Documents and Settings\Fallen\PLAY.EXE
  • Press the Posted Image button.
Billy3

#15 FallenAnzel

Posted 05 October 2008 - 02:50 PM

Alright, I sent it. I am not sure if the malware is still here; I think I stopped it from starting up with Spybot Search & Destroy.



