Hi Sage5! Thanks in advance for any help you can give me. Here is the OTViewIt.Txt information:
OTViewIt logfile created on: 9/5/2008 7:48:05 PM - Run 2
OTViewIt by OldTimer - Version 1.0.2.1 beta Folder = C:\Documents and Settings\Skrunt\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.41 Mb Total Physical Memory | 659.25 Mb Available Physical Memory | 64.48% Memory free
3.88 Gb Paging File | 3.63 Gb Available in Paging File | 93.61% Paging File free
Paging file location(s): G:\pagefile.sys 3048 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 8.83 Gb Free Space | 44.17% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 10.00 Gb Total Space | 9.38 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive F: | 263.67 Gb Total Space | 223.71 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive G: | 4.41 Gb Total Space | 1.40 Gb Free Space | 31.83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HAL
Current User Name: Skrunt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
===== Processes - Non-Microsoft Only =====
[06/23/2008 09:40 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[11/14/2006 05:21 PM | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\RTHDCPL.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe
[12/09/2005 06:17 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[07/04/2008 06:52 AM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
[11/23/2005 07:58 AM | 00,765,952 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[04/19/2007 01:35 PM | 00,075,304 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[12/05/2007 02:41 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[10/06/2006 12:09 PM | 00,192,512 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxsrvc.exe
[09/05/2008 07:41 PM | 01,305,600 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe
===== Win32 Services - Non-Microsoft Only =====
[06/23/2008 09:40 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (aawservice [Auto | Running])
[07/04/2008 06:52 AM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe (avg8wd [Auto | Running])
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Service for CDROM Access [Auto | Running])
[11/23/2005 07:58 AM | 00,765,952 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper [Auto | Running])
[08/03/2004 08:07 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe (dmadmin [On_Demand | Stopped])
[04/14/2008 10:31 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (FLEXnet Licensing Service [On_Demand | Stopped])
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT [On_Demand | Stopped])
[04/19/2007 01:35 PM | 00,075,304 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService [Auto | Running])
[12/05/2007 02:41 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe (NVSvc [Auto | Running])
File not found - h:\Program Files\ThreatFire\TFService.exe (ThreatFire [Auto | Stopped])
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Manager Service [Auto | Running])
===== Driver Services - Non-Microsoft Only =====
File not found - C:\DOCUME~1\Skrunt\LOCALS~1\Temp\Amsmpu4p.sys (Amsmpu4p [On_Demand | Stopped])
[07/04/2008 06:52 AM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys (AvgLdx86 [System | Stopped])
[07/04/2008 06:52 AM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys (AvgMfx86 [System | Running])
[08/03/2004 08:07 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot [Disabled | Stopped])
[08/03/2004 08:07 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmio [Boot | Running])
[08/03/2004 08:07 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (dmload [Boot | Running])
[12/20/2005 07:23 PM | 00,023,872 | ---- | M] (Your Corporation) - C:\Program Files\LiveUpdate\FXDrv32.sys (FXDrv32 [On_Demand | Stopped])
[01/07/2005 05:07 PM | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys (HDAudBus [On_Demand | Running])
[10/06/2006 02:24 PM | 01,181,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\igxpmp32.sys (ialm [On_Demand | Stopped])
[11/15/2006 02:34 PM | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys (IntcAzAudAddService [On_Demand | Running])
[01/19/2006 03:01 AM | 00,017,280 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctpdusb.sys (Jukebox3 [On_Demand | Stopped])
[08/02/2006 11:45 AM | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) - C:\WINDOWS\system32\drivers\mr7910.sys (mr7910 [On_Demand | Stopped])
[12/05/2007 02:41 AM | 07,435,392 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (nv [On_Demand | Running])
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys (pavboot [Boot | Running])
[05/23/2006 04:00 PM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys (pfc [On_Demand | Running])
[08/03/2004 08:07 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys (Ptilink [On_Demand | Running])
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv [Auto | Running])
[04/24/2008 04:52 PM | 00,051,520 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfFsMon.sys (TfFsMon [Boot | Running])
[04/24/2008 04:52 PM | 00,033,088 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfNetMon.sys (TfNetMon [On_Demand | Stopped])
[04/24/2008 04:52 PM | 00,038,208 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfSysMon.sys (TfSysMon [Boot | Running])
[03/15/2006 08:51 AM | 00,244,608 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys (yukonwxp [On_Demand | Running])
========== Run Keys ==========
[05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) - ALCMTR.EXE ("Alcmtr" HKLM:Run)
File not found - C:\PROGRA~1\AVG\AVG8\avgtray.exe ("AVG8_TRAY" HKLM:Run)
[11/22/2005 05:38 PM | 00,221,184 | ---- | M] (Diskeeper Corporation) - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" ("DiskeeperSystray" HKLM:Run)
[10/06/2006 12:13 PM | 00,114,688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe ("HotKeysCmds" HKLM:Run)
[10/06/2006 12:11 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxtray.exe ("IgfxTray" HKLM:Run)
[12/05/2007 02:41 AM | 08,523,776 | ---- | M] (NVIDIA Corporation) - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup ("NvCplDaemon" HKLM:Run)
[12/05/2007 02:41 AM | 00,081,920 | ---- | M] (NVIDIA Corporation) - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ("NvMediaCenter" HKLM:Run)
[12/05/2007 02:41 AM | 01,626,112 | ---- | M] () - nwiz.exe /install ("nwiz" HKLM:Run)
[10/06/2006 12:10 PM | 00,094,208 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe ("Persistence" HKLM:Run)
[11/14/2006 05:21 PM | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) - RTHDCPL.EXE ("RTHDCPL" HKLM:Run)
[05/16/2006 06:04 PM | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.) - SkyTel.EXE ("SkyTel" HKLM:Run)
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" ("SunJavaUpdateSched" HKLM:Run)
File not found - h:\Program Files\ThreatFire\TFTray.exe ("ThreatFire" HKLM:Run)
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe /R ("Creative Detector" HKCU:Run)
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden ("LightScribe Control Panel" HKCU:Run)
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe ("SpybotSD TeaTimer" HKCU:Run)
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe /R ("Creative Detector" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden ("LightScribe Control Panel" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe ("SpybotSD TeaTimer" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)
========== Startup Folders ==========
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[12/09/2005 06:17 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
File not found - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
========== Internet Explorer ==========
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL =
http://www.microsoft...p...&ar=msnhomeHKEY_LOCAL_MACHINE\: Main\\Default_Search_URL =
http://www.microsoft...amp;ar=iesearchHKEY_LOCAL_MACHINE\: Main\\Local Page = %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\: Main\\Search Page =
http://www.microsoft...amp;ar=iesearchHKEY_LOCAL_MACHINE\: Main\\Start Page =
http://www.microsoft...p...ER}&ar=homeHKEY_LOCAL_MACHINE\: Search\\CustomizeSearch =
http://ie.search.msn...st/srchcust.htmHKEY_LOCAL_MACHINE\: Search\\SearchAssistant =
http://ie.search.msn...st/srchasst.htmHKEY_CURRENT_USER\: Main\\Local Page = C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\: Main\\Search Page =
http://www.microsoft...amp;ar=iesearchHKEY_CURRENT_USER\: Main\\Start Page =
http://www.microsoft...p...&ar=msnhomeHKEY_CURRENT_USER\: ProxyEnable = 0
HKEY_USERS\.DEFAULT\: ProxyEnable = 0
HKEY_USERS\S-1-5-18\: ProxyEnable = 0
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Local Page = C:\WINDOWS\system32\blank.htm
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Search Page =
http://www.microsoft...amp;ar=iesearchHKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Start Page =
http://www.microsoft...p...&ar=msnhomeHKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: ProxyEnable = 0
========== BHO's ==========
[12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (HKLM: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3})
File not found C:\Program Files\AVG\AVG8\avgssie.dll (HKLM: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0})
[06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (HKLM: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43})
File not found Reg Error: Key does not exist or could not be opened. (HKLM: {7E853D72-626A-48EC-A868-BA8D5E23E045})
========== *AppInit_DLLs* ==========
= avgrsstx.dll
>[07/04/2008 06:52 AM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\avgrsstx.dll
========== Winlogon Notify Settings ==========
[10/06/2006 12:09 PM | 00,155,648 | ---- | M] (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll ("DllName")
========== Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
========== HKLM Security Providers ==========
========== Safeboot Options ==========
"AlternateShell" = cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[05/19/2007 06:55 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
Autorun []
[10/15/2005 01:42 AM | 00,253,952 | R--- | M] (Firaxis Games) D:\Autorun.exe [ CDFS ]
autorun.exe [MZ | ]
[10/15/2005 01:42 AM | 00,253,952 | R--- | M] (Firaxis Games) D:\autorun.exe [ CDFS ]
autorun.inf [[autorun] | OPEN=autorun.exe | ICON=Autorun\Civ4Installer.ico | LABEL=Sid Meier's Civilization 4 | | [appdata] | Mutex=Civ4 21031 | InstallFile=setup.exe | PlayFile=Civilization4.exe | RegKey=INSTALLDIR | | [0x09] | ;English | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. All Rights Reserved. Manufactured and marketed by Take Two Interactive, New York, NY. All trademarks are the property of their respective owners. | ExecPos=117,201 | InstallImage=Autorun\BTN01-Install.bmp | InstallHilite=Autorun\BTN01-Install_OVER.bmp | PlayImage=Autorun\BTN01-Play.bmp | PlayHilite=Autorun\BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\BTN02-ReadMe.bmp | ReadmeHilite=Autorun\BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\English\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\BTN03-Exit.bmp | ExitHilite=Autorun\BTN03-Exit_OVER.bmp | | [0x0c] | ;French | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tous droits réservés. Fabriqué et commercialisé par Take Two Interactive, New York, NY. Toutes les marques commerciales sont la propriété de leurs détenteurs respectifs. | ExecPos=117,201 | InstallImage=Autorun\FR_BTN01-Install.bmp | InstallHilite=Autorun\FR_BTN01-Install_OVER.bmp | PlayImage=Autorun\FR_BTN01-Play.bmp | PlayHilite=Autorun\FR_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\FR_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\FR_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\French\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\FR_BTN03-Exit.bmp | ExitHilite=Autorun\FR_BTN03-Exit_OVER.bmp | | [0x10] | ;Italian | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tutti i diritti riservati. Prodotto e distribuito da Take Two Interactive, New York, NY. Tutti i marchi sono di proprietà dei rispettivi detentori. | ExecPos=117,201 | InstallImage=Autorun\IT_BTN01-Install.bmp | InstallHilite=Autorun\IT_BTN01-Install_OVER.bmp | PlayImage=Autorun\IT_BTN01-Play.bmp | PlayHilite=Autorun\IT_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\IT_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\IT_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Italian\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\IT_BTN03-Exit.bmp | ExitHilite=Autorun\IT_BTN03-Exit_OVER.bmp | | [0x07] | ;German | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=© 2005 Firaxis Games, Inc. Alle Rechte vorbehalten. Herstellung und Vermarktung durch Take Two Interactive, New York, NY. Alle Warenzeichen sind Eigentum der jeweiligen Inhaber. | ExecPos=117,201 | InstallImage=Autorun\GE_BTN01-Install.bmp | InstallHilite=Autorun\GE_BTN01-Install_OVER.bmp | PlayImage=Autorun\GE_BTN01-Play.bmp | PlayHilite=Autorun\GE_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\GE_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\GE_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\German\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\GE_BTN03-Exit.bmp | ExitHilite=Autorun\GE_BTN03-Exit_OVER.bmp | | [0x0a] | ;Spanish | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Todos los derechos reservados. Creado y distribuido por Take Two Interactive, New York, NY. Todas las marcas comerciales pertenecen a sus respectivos propietarios. | ExecPos=117,201 | InstallImage=Autorun\SP_BTN01-Install.bmp | InstallHilite=Autorun\SP_BTN01-Install_OVER.bmp | PlayImage=Autorun\SP_BTN01-Play.bmp | PlayHilite=Autorun\SP_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\SP_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\SP_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Spanish\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\SP_BTN03-Exit.bmp | ExitHilite=Autorun\SP_BTN03-Exit_OVER.bmp | ]
[10/15/2005 01:42 AM | 00,004,118 | R--- | M] () D:\autorun.inf [ CDFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48057f01-af4b-11dc-b787-0015588abe45}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{735eca17-116f-11dc-b606-0015588abe45}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96d32d38-4fdc-11dc-b6cc-0015588abe45}\Shell]
"" = Shell01
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad877f2-7b8b-11dd-a456-806d6172696f}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae23686-1109-11dc-b605-0015588abe45}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f930a27e-06d9-11dc-b5d9-0015588abe45}\Shell]
"" = None
========== DNS Name Servers ==========
{186D2133-7EB7-4953-A4F7-1E2A7E98C062} (Servers: | Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller)
========== Hosts File ==========
HOSTS File = (253869 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
========== Files/Folders - Created Within 30 days ==========
[08/26/2008 06:01 PM | 00,000,211 | -HS- | C] () - C:\BOOT.BAK
[08/27/2008 09:02 PM | ---D | C] - C:\Config.Msi
[08/27/2008 09:19 PM | ---D | C] - C:\LiveUpdate_Temp
[08/27/2008 09:19 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/27/2008 09:19 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/28/2008 04:56 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/28/2008 04:56 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/28/2008 05:23 PM | 00,012,608 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfKbMon.sys
[08/28/2008 05:23 PM | 00,033,088 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfNetMon.sys
[08/28/2008 05:23 PM | 00,038,208 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfSysMon.sys
[08/28/2008 05:23 PM | 00,051,520 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfFsMon.sys
[08/28/2008 08:33 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[08/24/2008 07:42 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/24/2008 07:42 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/24/2008 07:42 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[6 C:\WINDOWS\*.tmp files]
[08/28/2008 04:53 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/28/2008 04:56 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/28/2008 05:23 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\PC Tools
[08/28/2008 05:24 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
[08/08/2008 07:26 PM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\MSNInstaller
[08/24/2008 07:45 AM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\OpenOffice.org2
[08/28/2008 04:56 PM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\Malwarebytes
[08/07/2008 01:32 PM | ---D | C] - C:\Documents and Settings\Skrunt\Local Settings\Application Data\Nova Development
[08/31/2008 10:44 AM | ---D | C] - C:\Documents and Settings\Skrunt\Local Settings\Application Data\NOS
[08/20/2008 02:08 PM | 00,025,088 | ---- | C] () - C:\Documents and Settings\Skrunt\My Documents\Social Committe.doc
[08/20/2008 03:11 PM | ---D | C] - C:\Documents and Settings\Skrunt\My Documents\NNO
[08/28/2008 04:56 PM | 00,000,565 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 05:24 PM | 00,000,520 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[08/31/2008 10:47 AM | 00,001,745 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[08/08/2008 02:01 PM | 00,018,432 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Member Contact List(2).xls
[08/10/2008 07:08 PM | 00,039,929 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\13275lg.jpg
[08/11/2008 05:24 PM | 00,023,040 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget.xls
[08/20/2008 01:05 PM | 00,184,010 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\NNO_AWARD_tips_08.pdf
[08/24/2008 06:41 AM | 00,023,040 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget(2).xls
[08/24/2008 06:48 AM | 00,224,050 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\AM packet 2008.pdf
[08/25/2008 01:10 PM | 00,040,807 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Fall08NLC_syllabus.pdf
[08/26/2008 12:03 PM | 00,127,488 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\bondingjeopardy.ppt
[08/27/2008 09:19 PM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\Fall 2006
[08/27/2008 09:22 PM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\Scrap
[08/28/2008 04:42 PM | 00,000,811 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\HijackThis.lnk
[08/28/2008 04:47 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\Skrunt\Desktop\ATF_Cleaner.exe
[08/28/2008 04:53 PM | 00,000,501 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\ERUNT.lnk
[08/28/2008 04:53 PM | 00,000,514 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\NTREGOPT.lnk
[08/29/2008 09:02 AM | 00,093,389 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI.dll
[08/29/2008 09:02 AM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI_files
[09/01/2008 11:54 PM | 00,042,136 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Chem 1406 Syllabus.pdf
[09/02/2008 11:18 PM | 00,022,016 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\1405ScheduleMWF(2).xls
[09/05/2008 07:41 PM | 01,305,600 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe
[08/31/2008 10:47 AM | 00,001,762 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/28/2008 04:53 PM | 00,000,658 | ---- | C] () - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/28/2008 04:56 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/24/2008 07:42 AM | ---D | C] - C:\Program Files\OpenOffice.org 2.4
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\AVG
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\LightScribe
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\Marvell
[08/27/2008 09:19 PM | ---D | C] - C:\Program Files\Yahoo! Games
[08/27/2008 09:20 PM | ---D | C] - C:\Program Files\Messenger
[08/27/2008 09:20 PM | ---D | C] - C:\Program Files\Shutterfly
[08/28/2008 08:32 PM | ---D | C] - C:\Program Files\Panda Security
========== Files - Modified Within 30 days ==========
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[08/29/2008 07:56 AM | 00,296,456 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/30/2008 06:51 AM | 00,060,828 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/30/2008 06:51 AM | 00,400,794 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/30/2008 06:51 AM | 00,466,028 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/05/2008 10:09 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\*.tmp files]
[08/27/2008 08:54 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/28/2008 05:36 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/29/2008 11:07 PM | 00,000,594 | ---- | M] () - C:\WINDOWS\win.ini
[09/05/2008 03:46 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/05/2008 03:46 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/05/2008 07:17 PM | 00,000,256 | ---- | M] () - C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[09/01/2008 10:53 AM | 00,000,020 | -H-- | M] () - C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[08/30/2008 08:35 AM | 00,090,136 | ---- | M] () - C:\Documents and Settings\Skrunt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/20/2008 02:08 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\Skrunt\My Documents\Social Committe.doc
[08/28/2008 04:56 PM | 00,000,565 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 05:24 PM | 00,000,520 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[08/31/2008 10:47 AM | 00,001,745 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[08/08/2008 02:01 PM | 00,018,432 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Member Contact List(2).xls
[08/10/2008 07:08 PM | 00,039,929 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\13275lg.jpg
[08/10/2008 09:50 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\bike milage 2008.xls
[08/11/2008 05:24 PM | 00,023,040 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget.xls
[08/20/2008 01:05 PM | 00,184,010 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\NNO_AWARD_tips_08.pdf
[08/24/2008 06:41 AM | 00,023,040 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget(2).xls
[08/24/2008 06:48 AM | 00,224,050 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\AM packet 2008.pdf
[08/25/2008 01:10 PM | 00,040,807 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Fall08NLC_syllabus.pdf
[08/26/2008 12:04 PM | 00,127,488 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\bondingjeopardy.ppt
[08/28/2008 04:42 PM | 00,000,811 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\HijackThis.lnk
[08/28/2008 04:47 PM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Skrunt\Desktop\ATF_Cleaner.exe
[08/28/2008 04:53 PM | 00,000,501 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\ERUNT.lnk
[08/28/2008 04:53 PM | 00,000,514 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\NTREGOPT.lnk
[08/29/2008 09:02 AM | 00,093,389 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI.dll
[09/01/2008 11:54 PM | 00,042,136 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Chem 1406 Syllabus.pdf
[09/02/2008 11:18 PM | 00,022,016 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\1405ScheduleMWF(2).xls
[09/03/2008 10:34 AM | 00,002,497 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Microsoft Office Word 2003.lnk
[09/03/2008 10:35 AM | 00,174,080 | -HS- | M] () - C:\Documents and Settings\Skrunt\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
[09/05/2008 07:41 PM | 01,305,600 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe
[08/31/2008 10:47 AM | 00,001,762 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/28/2008 04:53 PM | 00,000,658 | ---- | M] () - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
< End of report >