[code]
OTScanIt logfile created on: 8/24/2008 6:20:48 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\Damian\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.84% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 55.66 Gb Free Space | 56.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.80 Gb Free Space | 57.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SHIMMY
Current User Name: Damian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [Ver = | Size = 24064 bytes | Modified Date = 12/12/2007 1:02:14 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
apoint.exe -> %ProgramFiles%\DellTPad\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.101.207 | Size = 167936 bytes | Modified Date = 10/25/2007 1:31:20 PM | Attr = ]
oem02mon.exe -> %SystemRoot%\OEM02Mon.exe -> Creative Technology Ltd. [Ver = 1.01.01.00 | Size = 36864 bytes | Modified Date = 8/28/2007 12:51:42 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154136 bytes | Modified Date = 12/14/2007 10:53:54 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133656 bytes | Modified Date = 12/14/2007 10:53:58 PM | Attr = ]
dellwmgr.exe -> %ProgramFiles%\Dell\Dell Webcam Manager\DellWMgr.exe -> Creative Technology Ltd. [Ver = 1.3.5.0 | Size = 118784 bytes | Modified Date = 7/27/2007 5:43:34 PM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 3/21/2007 2:00:00 PM | Attr = ]
wltray.exe -> %SystemRoot%\System32\WLTRAY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 3444736 bytes | Modified Date = 12/12/2007 1:02:12 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 12/21/2007 11:58:06 AM | Attr = ]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ]
sttray.exe -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 405504 bytes | Modified Date = 11/12/2007 6:07:24 AM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1253 | Size = 252440 bytes | Modified Date = 12/14/2007 10:54:04 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 8/23/2008 6:05:50 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 7:02:14 PM | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc. [Ver = 8, 2, 17, 0 | Size = 1180952 bytes | Modified Date = 9/7/2007 5:27:08 PM | Attr = ]
aestsrv.exe -> %SystemRoot%\System32\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 11/12/2007 6:07:16 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 3/21/2007 2:00:04 PM | Attr = ]
roxwatch9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 12:13:00 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:30 PM | Attr = ]
stacsv.exe -> %SystemRoot%\System32\stacsv.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 102400 bytes | Modified Date = 11/12/2007 6:07:20 AM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
apmsgfwd.exe -> %ProgramFiles%\DellTPad\ApMsgFwd.exe -> Alps Electric Co., Ltd. [Ver = 7, 0, 0, 18 | Size = 50736 bytes | Modified Date = 9/7/2007 1:49:56 AM | Attr = ]
hidfind.exe -> %ProgramFiles%\DellTPad\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 7.0.0.26 | Size = 40960 bytes | Modified Date = 9/7/2007 1:50:02 AM | Attr = ]
apntex.exe -> %ProgramFiles%\DellTPad\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.27 | Size = 49152 bytes | Modified Date = 9/7/2007 1:49:56 AM | Attr = ]
bcmwltry.exe -> %SystemRoot%\System32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.170.25.12 | Size = 2506752 bytes | Modified Date = 12/12/2007 1:01:26 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 7:06:33 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/4/2008 8:10:38 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AESTFilters) Andrea ST Filters Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\AEstSrv.exe -> Andrea Electronics Corporation [Ver = 1.0.32.2 | Size = 73728 bytes | Modified Date = 11/12/2007 6:07:16 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 7:06:33 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/23/2008 6:05:49 PM | Attr = ]
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.5.0.1017 | Size = 355096 bytes | Modified Date = 3/21/2007 2:00:04 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 8/4/2008 11:20:16 AM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 880640 bytes | Modified Date = 11/5/2006 12:15:12 PM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.64 | Size = 159744 bytes | Modified Date = 11/5/2006 12:13:00 PM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:30 PM | Attr = ]
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\stacsv.exe -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 102400 bytes | Modified Date = 11/12/2007 6:07:20 AM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 9/14/2006 3:54:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/4/2008 8:10:38 PM | Attr = ]
(Symantec RemoteAssist) Symantec RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Support Controls\ssrc.exe -> Symantec, Inc. [Ver = 6.9.2894.0 | Size = 394704 bytes | Modified Date = 1/29/2008 4:09:02 PM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [Ver = | Size = 24064 bytes | Modified Date = 12/12/2007 1:02:14 AM | Attr = ]
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 8/4/2006 7:39:20 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 4:51:38 AM | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 4:51:32 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 4:51:00 AM | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 4:50:11 AM | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17592 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.93 built by: WinDDK | Size = 164400 bytes | Modified Date = 12/26/2007 8:02:52 PM | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 4:50:09 AM | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BCM42RLY.sys -> File not found
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\BCMWL6.SYS -> Broadcom Corp. [Ver = 4.170.25.17 | Size = 1044984 bytes | Modified Date = 12/12/2007 1:02:00 AM | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 3:24:45 AM | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 3:24:46 AM | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 3:25:24 AM | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 3:24:44 AM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 3:24:44 AM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 3:24:47 AM | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_ldr.070416-1510) | Size = 19128 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\e1e6032.sys -> Intel Corporation [Ver = 9.6.8.0 built by: WinDDK | Size = 200704 bytes | Modified Date = 11/2/2006 2:30:55 AM | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 2:30:54 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 371248 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 4:51:34 AM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 99376 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 986624 bytes | Modified Date = 11/2/2006 9:43:30 PM | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 206848 bytes | Modified Date = 11/2/2006 9:42:18 PM | Attr = ]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.5.0.1017 | Size = 304920 bytes | Modified Date = 9/6/2007 11:43:26 AM | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 4:51:25 AM | Attr = ]
(IDSvix86) Symantec Intrusion Prevention Driver [Kernel | System | Running] -> %AllUsersProfile%\Symantec\Definitions\SymcData\ipsdefs\20080818.001\IDSvix86.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 261680 bytes | Modified Date = 3/20/2008 3:37:22 PM | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1253 | Size = 1674240 bytes | Modified Date = 12/14/2007 10:53:56 PM | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 4:50:17 AM | Attr = ]
(IntcHdmiAddService) Intel(R) High Definition Audio HDMI Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\IntcHdmi.sys -> Intel(R) Corporation [Ver = 6.10.01.2025 built by: WinDDK | Size = 111104 bytes | Modified Date = 12/14/2007 10:54:26 PM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:07 AM | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:09 AM | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:04 AM | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:05 AM | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 4:26:58 PM | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 4:49:53 AM | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 4:49:59 AM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080824.021\naveng.sys -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 89104 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080824.021\navex15.sys -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 873552 bytes | Modified Date = 8/20/2008 3:00:00 AM | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 4:50:19 AM | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 2:36:50 AM | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 4:50:24 AM | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 4:50:13 AM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\OEM02Dev.sys -> Creative Technology Ltd. [Ver = 1.03.01.00 | Size = 235648 bytes | Modified Date = 10/10/2007 5:03:00 PM | Attr = ]
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\OEM02Vfx.sys -> EyePower Games Pte. Ltd. [Ver = 1.61.00.00 | Size = 7424 bytes | Modified Date = 8/28/2007 12:51:44 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.40a | Size = 36528 bytes | Modified Date = 7/24/2006 4:00:00 AM | Attr = ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 4:51:45 AM | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(R300) R300 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\atikmdag.sys -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 2028032 bytes | Modified Date = 11/2/2006 2:36:43 AM | Attr = ]
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimmptsk.sys -> REDC [Ver = 6.00.02.03 | Size = 39936 bytes | Modified Date = 9/6/2007 11:35:14 AM | Attr = ]
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.10 | Size = 42496 bytes | Modified Date = 9/6/2007 11:35:12 AM | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.12 | Size = 37376 bytes | Modified Date = 9/6/2007 11:35:16 AM | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/2/2006 1:37:21 AM | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 4:50:10 AM | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 4:50:16 AM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 1/16/2008 11:05:42 PM | Attr = ]
(SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 1/31/2008 8:51:16 PM | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\stwrt.sys -> IDT, Inc. [Ver = 6.10.5614.0 nd654 cp1 built by: WinDDK | Size = 330240 bytes | Modified Date = 11/12/2007 6:07:28 AM | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 4:50:05 AM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 13616 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 8/4/2008 10:41:54 PM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 96432 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\SymIMV.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 24112 bytes | Modified Date = 6/13/2008 2:14:02 PM | Attr = ]
(SYMNDISV) SYMNDISV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 41008 bytes | Modified Date = 6/13/2008 2:13:40 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 22320 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 184240 bytes | Modified Date = 6/13/2008 2:13:40 PM | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 4:49:56 AM | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 4:50:03 AM | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 4:51:25 AM | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 4:50:35 AM | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 4:50:45 AM | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20152 bytes | Modified Date = 2/11/2008 1:44:11 PM | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 4:50:41 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 659968 bytes | Modified Date = 11/2/2006 9:42:08 PM | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.00.00 built by: WinDDK | Size = 8192 bytes | Modified Date = 8/4/2006 7:39:10 PM | Attr = ]
(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\yk60x86.sys -> Marvell [Ver = 10.51.1.3 built by: WinDDK | Size = 298496 bytes | Modified Date = 12/6/2007 9:51:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
Apoint -> %ProgramFiles%\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.101.207 | Size = 167936 bytes | Modified Date = 10/25/2007 1:31:20 PM | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:24 PM | Attr = ]
Broadcom Wireless Manager UI -> %SystemRoot%\System32\WLTRAY.EXE [C:\Windows\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.170.25.12 | Size = 3444736 bytes | Modified Date = 12/12/2007 1:02:12 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 8:47:22 PM | Attr = ]
DELL Webcam Manager -> %ProgramFiles%\Dell\Dell Webcam Manager\DellWMgr.exe ["C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s] -> Creative Technology Ltd. [Ver = 1.3.5.0 | Size = 118784 bytes | Modified Date = 7/27/2007 5:43:34 PM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 10/9/2007 7:57:14 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 8/1/2008 10:40:34 PM | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 154136 bytes | Modified Date = 12/14/2007 10:53:54 PM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 3/21/2007 2:00:00 PM | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 137752 bytes | Modified Date = 12/14/2007 10:54:06 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 12:37:04 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc.
[Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ] OEM02Mon.exe -> %SystemRoot%\OEM02Mon.exe [C:\Windows\OEM02Mon.exe] -> Creative Technology Ltd. [Ver = 1.01.01.00 | Size = 36864 bytes | Modified Date = 8/28/2007 12:51:42 AM | Attr = ] PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 12/21/2007 11:58:06 AM | Attr = ] Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1253 | Size = 133656 bytes | Modified Date = 12/14/2007 10:53:58 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] SigmatelSysTrayApp -> %ProgramFiles%\Sigmatel\C-Major Audio\WDM\sttray.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe] -> IDT, Inc. [Ver = 1.0.5614.0 nd654 cp1 | Size = 405504 bytes | Modified Date = 11/12/2007 6:07:24 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> SupportSoft, Inc. 
[Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 7:56:24 PM | Attr = ] igndlm.exe -> %ProgramFiles%\Download Manager\DLM.exe [C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork] -> IGN Entertainment [Ver = 2.3.6.108 | Size = 1103480 bytes | Modified Date = 3/5/2007 4:57:48 PM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 8/23/2008 6:05:50 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.806.10245 | Size = 113664 bytes | Modified Date = 8/1/2008 10:40:35 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 1/19/2008 2:33:10 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 1/19/2008 2:33:33 AM | Attr = ] *MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 4/23/2008 11:58:20 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 1/19/2008 2:32:57 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1253 | Size = 204800 bytes | Modified Date = 12/14/2007 10:53:56 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 
32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> TORiSAN CD-ROM CDR_C36 -> -> File not found NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI 
CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 1/19/2008 12:49:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD+-RW_TS-L632H_______________D300____\5&5c326da&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 4:43:36 PM | Attr = ] < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: 
Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 40 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 8/4/2008 8:11:46 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/23/2008 6:05:46 PM | Attr = R ] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 11/9/2006 10:56:48 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/23/2008 6:05:46 PM | Attr = R ] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 0, 25 | Size = 405504 bytes | Modified Date = 4/16/2004 7:43:12 PM | Attr = ] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/23/2008 6:05:46 PM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Modified Date = 4/16/2004 7:42:08 PM | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Modified Date = 4/16/2004 7:42:08 PM | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Modified Date = 4/16/2004 7:42:08 PM | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Modified Date = 4/16/2004 7:42:08 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {13538EA0-26FD-4981-AE76-9E3CA017F7C4} -> (Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller) -> {E7B44AD6-7076-414A-9900-43204041EE3E} -> (Dell Wireless 1395 WLAN Mini-Card) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab[CDownloadCtrl Object] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/DLMControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/DLMControl.dll\\.Owner -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/DLMControl.dll\\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/rufsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program 
Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> -> [Files/Folders - Created Within 60 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/23/2008 5:58:07 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137042944 bytes | Created Date = 8/4/2008 7:42:09 PM | Attr = HS] PerfLogs -> %SystemDrive%\PerfLogs -> [Folder | Created Date = 7/6/2008 12:34:59 PM | Attr = ] Apfiltr.sys -> %SystemRoot%\System32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.93 built by: WinDDK | Size = 164400 bytes | Created Date = 8/10/2008 7:58:09 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/23/2008 5:26:44 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/23/2008 5:26:43 PM | Attr = ] Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 7/10/2008 11:29:38 PM | Attr = H ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Created Date = 8/4/2008 8:08:34 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 8/4/2008 8:08:34 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Created Date = 8/4/2008 8:08:34 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/23/2008 6:02:57 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/23/2008 6:02:57 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/23/2008 6:02:57 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex -> [Ver = | Size = 11967524 bytes | Created Date = 7/31/2008 3:01:18 AM | Attr = ] SmitfraudFix -> %SystemRoot%\System32\SmitfraudFix -> [Folder | Created Date = 8/22/2008 12:35:58 AM | Attr = ] StructuredQuerySchema.bin -> %SystemRoot%\System32\StructuredQuerySchema.bin -> [Ver = | Size = 106605 bytes | Created Date = 7/31/2008 3:01:24 AM | Attr = ] StructuredQuerySchemaTrivial.bin -> %SystemRoot%\System32\StructuredQuerySchemaTrivial.bin -> [Ver = | Size = 18904 bytes | Created Date = 7/31/2008 3:01:24 AM | Attr = ] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 311217362 bytes | Created Date = 7/5/2008 10:53:55 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 7/5/2008 10:54:25 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 8/4/2008 7:09:35 PM | Attr = ] Norton AntiVirus - Run Full System Scan - Damian.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Damian.job -> [Ver = | Size = 482 bytes | Created Date = 8/4/2008 8:13:46 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 8/10/2008 5:56:44 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 8/5/2008 5:58:12 PM | Attr = ] Symantec -> %AllUsersProfile%\Symantec -> [Folder | Created Date = 8/4/2008 7:58:46 PM | Attr = ] Symantec Temporary Files -> %AllUsersProfile%\Symantec Temporary Files -> [Folder | Created Date = 8/4/2008 7:50:22 PM | Attr = ] Download Manager -> %AppData%\Download Manager -> [Folder | Created Date = 8/10/2008 5:55:50 PM | Attr = ] IGN_DLM -> %AppData%\IGN_DLM -> [Folder | Created Date = 7/27/2008 7:32:05 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/10/2008 5:56:48 PM | Attr = ] 
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 8/5/2008 5:58:00 PM | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Created Date = 8/23/2008 7:56:52 PM | Attr = ] Apple -> %UserProfile%\AppData\Local\Apple -> [Folder | Created Date = 8/22/2008 9:04:08 PM | Attr = ] Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Created Date = 8/22/2008 8:54:18 PM | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 1356 bytes | Created Date = 8/3/2008 12:58:06 AM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1882021 bytes | Created Date = 8/4/2008 10:43:15 PM | Attr = H ] {6448F0A6-6813-11D6-A77B-00B0D0160070} -> %UserProfile%\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160070} -> [Folder | Created Date = 8/23/2008 5:58:03 PM | Attr = ] Symantec -> %UserProfile%\Documents\Symantec -> [Folder | Created Date = 8/4/2008 8:57:01 PM | Attr = ] Download Manager.lnk -> %SystemDrive%\Users\Public\Desktop\Download Manager.lnk -> [Ver = | Size = 831 bytes | Created Date = 7/27/2008 7:33:25 PM | Attr = ] iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 8/20/2008 7:26:37 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 820 bytes | Created Date = 8/23/2008 5:26:44 PM | Attr = ] Norton AntiVirus.lnk -> %SystemDrive%\Users\Public\Desktop\Norton AntiVirus.lnk -> [Ver = | Size = 2199 bytes | Created Date = 8/4/2008 8:12:34 PM | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1728 bytes | Created Date = 8/20/2008 7:24:48 PM | Attr = ] dad_logo.bmp -> %UserProfile%\Desktop\dad_logo.bmp -> [Ver = | Size = 921654 bytes | Created Date = 7/31/2008 8:37:22 PM | Attr = ] Fallow(draft one).pdf -> %UserProfile%\Desktop\Fallow(draft one).pdf -> [Ver = | 
Size = 150553 bytes | Created Date = 7/9/2008 11:09:57 PM | Attr = ] Fallow_new.BK -> %UserProfile%\Desktop\Fallow_new.BK -> [Ver = | Size = 152086 bytes | Created Date = 8/21/2008 9:31:00 PM | Attr = ] Fallow_new.SCW -> %UserProfile%\Desktop\Fallow_new.SCW -> [Ver = | Size = 152014 bytes | Created Date = 8/21/2008 9:31:00 PM | Attr = ] Fallow_v2.pdf -> %UserProfile%\Desktop\Fallow_v2.pdf -> [Ver = | Size = 152815 bytes | Created Date = 8/11/2008 9:00:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Fallow_v2.pdf:Zone.Identifier Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg -> %UserProfile%\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg -> [Ver = | Size = 72212 bytes | Created Date = 8/2/2008 2:12:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Created Date = 8/10/2008 8:33:21 PM | Attr = ] logoTemp.jpg -> %UserProfile%\Desktop\logoTemp.jpg -> [Ver = | Size = 30887 bytes | Created Date = 7/31/2008 8:40:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\logoTemp.jpg:Zone.Identifier mom_photos -> %UserProfile%\Desktop\mom_photos -> [Folder | Created Date = 7/24/2008 7:48:13 PM | Attr = ] Notes for Pretensions.doc -> %UserProfile%\Desktop\Notes for Pretensions.doc -> [Ver = | Size = 32256 bytes | Created Date = 8/11/2008 9:08:22 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/24/2008 5:57:33 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/24/2008 5:56:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 8/10/2008 7:16:53 PM | Attr = ] Java -> 
%CommonProgramFiles%\Java -> [Folder | Created Date = 8/23/2008 6:00:18 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 8/4/2008 7:58:45 PM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 8/20/2008 7:27:28 PM | Attr = ] Applications -> %ProgramFiles%\Applications -> [Folder | Created Date = 8/3/2008 8:24:41 PM | Attr = ] Download Manager -> %ProgramFiles%\Download Manager -> [Folder | Created Date = 7/27/2008 7:33:25 PM | Attr = ] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [Folder | Created Date = 8/4/2008 6:47:44 PM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 8/20/2008 7:26:28 PM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 8/20/2008 7:26:26 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/10/2008 5:56:44 PM | Attr = ] Norton AntiVirus -> %ProgramFiles%\Norton AntiVirus -> [Folder | Created Date = 8/4/2008 8:09:11 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 8/20/2008 7:24:28 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 8/5/2008 5:58:00 PM | Attr = ] Symantec -> %ProgramFiles%\Symantec -> [Folder | Created Date = 8/4/2008 8:08:18 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/10/2008 8:33:20 PM | Attr = ] [Files/Folders - Modified Within 60 days] Boot -> %SystemDrive%\Boot -> [Folder | Modified Date = 7/6/2008 12:46:32 PM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/24/2008 10:22:08 AM | Attr = HS] DELL -> %SystemDrive%\DELL -> [Folder | Modified Date = 8/10/2008 7:58:08 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137042944 bytes | Modified Date = 8/24/2008 10:22:10 AM | Attr = HS] PerfLogs -> %SystemDrive%\PerfLogs -> [Folder | Modified 
Date = 7/6/2008 12:34:59 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/20/2008 7:27:28 PM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 8/10/2008 5:56:44 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/23/2008 6:26:55 PM | Attr = HS] Windows -> %SystemRoot% -> [Folder | Modified Date = 8/21/2008 3:36:42 PM | Attr = ] coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 7/6/2008 12:38:42 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/4/2008 6:36:39 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ] Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 7/10/2008 11:29:38 PM | Attr = H ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 8/4/2008 10:41:54 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 8/4/2008 10:41:54 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size 
= 123952 bytes | Modified Date = 8/4/2008 10:41:54 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 8/10/2008 9:11:09 PM | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 8/24/2008 2:22:25 PM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3552 bytes | Modified Date = 8/24/2008 2:22:25 PM | Attr = H ] AdvancedInstallers -> %SystemRoot%\System32\AdvancedInstallers -> [Folder | Modified Date = 7/6/2008 12:38:46 PM | Attr = ] ar-SA -> %SystemRoot%\System32\ar-SA -> [Folder | Modified Date = 7/6/2008 12:38:37 PM | Attr = ] axaltocm.dll -> %SystemRoot%\System32\axaltocm.dll -> Gemalto, Inc. [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 82432 bytes | Modified Date = 7/6/2008 11:22:56 AM | Attr = ] Boot -> %SystemRoot%\System32\Boot -> [Folder | Modified Date = 7/6/2008 12:35:00 PM | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 8/20/2008 7:22:24 PM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 8/14/2008 8:39:37 PM | Attr = ] CodeIntegrity -> %SystemRoot%\System32\CodeIntegrity -> [Folder | Modified Date = 8/10/2008 10:43:20 PM | Attr = ] com -> %SystemRoot%\System32\com -> [Folder | Modified Date = 7/6/2008 12:38:59 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/10/2008 10:43:25 PM | Attr = ] cs-CZ -> %SystemRoot%\System32\cs-CZ -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] da-DK -> %SystemRoot%\System32\da-DK -> [Folder | Modified Date = 7/6/2008 12:38:58 PM | Attr = ] de-DE -> %SystemRoot%\System32\de-DE -> [Folder | Modified Date = 7/6/2008 
12:38:49 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/23/2008 5:26:44 PM | Attr = ] el-GR -> %SystemRoot%\System32\el-GR -> [Folder | Modified Date = 7/6/2008 12:38:49 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 8/14/2008 8:54:25 PM | Attr = ] es-ES -> %SystemRoot%\System32\es-ES -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] fi-FI -> %SystemRoot%\System32\fi-FI -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 334072 bytes | Modified Date = 7/6/2008 12:41:36 PM | Attr = ] fr-FR -> %SystemRoot%\System32\fr-FR -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] he-IL -> %SystemRoot%\System32\he-IL -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] hu-HU -> %SystemRoot%\System32\hu-HU -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] ifxcardm.dll -> %SystemRoot%\System32\ifxcardm.dll -> Infineon Technologies AG [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 101888 bytes | Modified Date = 7/6/2008 11:22:57 AM | Attr = ] it-IT -> %SystemRoot%\System32\it-IT -> [Folder | Modified Date = 7/6/2008 12:38:49 PM | Attr = ] ja-JP -> %SystemRoot%\System32\ja-JP -> [Folder | Modified Date = 7/6/2008 12:38:42 PM | Attr = ] ko-KR -> %SystemRoot%\System32\ko-KR -> [Folder | Modified Date = 7/6/2008 12:38:58 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 8/10/2008 9:08:28 PM | Attr = ] manifeststore -> %SystemRoot%\System32\manifeststore -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 8/14/2008 8:54:23 PM | Attr = ] migwiz -> %SystemRoot%\System32\migwiz -> [Folder | 
Modified Date = 7/6/2008 12:38:35 PM | Attr = ] Msdtc -> %SystemRoot%\System32\Msdtc -> [Folder | Modified Date = 8/10/2008 10:43:20 PM | Attr = ] nb-NO -> %SystemRoot%\System32\nb-NO -> [Folder | Modified Date = 7/6/2008 12:38:37 PM | Attr = ] NDF -> %SystemRoot%\System32\NDF -> [Folder | Modified Date = 7/7/2008 8:55:03 PM | Attr = ] nl-NL -> %SystemRoot%\System32\nl-NL -> [Folder | Modified Date = 7/6/2008 12:38:37 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 7/6/2008 12:38:49 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 101350 bytes | Modified Date = 8/24/2008 10:28:25 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 595684 bytes | Modified Date = 8/24/2008 10:28:25 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 690960 bytes | Modified Date = 8/24/2008 10:28:25 AM | Attr = ] pl-PL -> %SystemRoot%\System32\pl-PL -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] pt-BR -> %SystemRoot%\System32\pt-BR -> [Folder | Modified Date = 7/6/2008 12:38:35 PM | Attr = ] pt-PT -> %SystemRoot%\System32\pt-PT -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] ro-RO -> %SystemRoot%\System32\ro-RO -> [Folder | Modified Date = 7/6/2008 12:38:42 PM | Attr = ] ru-RU -> %SystemRoot%\System32\ru-RU -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] setup -> %SystemRoot%\System32\setup -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] SLUI -> %SystemRoot%\System32\SLUI -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] SmitfraudFix -> %SystemRoot%\System32\SmitfraudFix -> [Folder | Modified Date = 8/22/2008 12:36:03 AM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 8/10/2008 10:43:20 PM | Attr = ] sv-SE -> %SystemRoot%\System32\sv-SE -> [Folder | Modified Date = 7/6/2008 12:38:45 PM | Attr = ] sysprep -> %SystemRoot%\System32\sysprep -> [Folder | 
Modified Date = 7/6/2008 12:38:48 PM | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 8/20/2008 7:27:31 PM | Attr = ] tr-TR -> %SystemRoot%\System32\tr-TR -> [Folder | Modified Date = 7/6/2008 12:38:39 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/10/2008 10:43:19 PM | Attr = ] WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 8/4/2008 11:29:31 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 7/6/2008 12:38:58 PM | Attr = ] zh-CN -> %SystemRoot%\System32\zh-CN -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] zh-TW -> %SystemRoot%\System32\zh-TW -> [Folder | Modified Date = 7/6/2008 12:38:43 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/14/2008 8:36:46 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 7/6/2008 12:54:25 PM | Attr = R S] Boot -> %SystemRoot%\Boot -> [Folder | Modified Date = 7/6/2008 12:35:01 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 8/24/2008 5:54:35 PM | Attr = S] DigitalLocker -> %SystemRoot%\DigitalLocker -> [Folder | Modified Date = 7/6/2008 12:39:00 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/5/2008 7:27:03 PM | Attr = S] IME -> %SystemRoot%\IME -> [Folder | Modified Date = 7/6/2008 12:39:00 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/24/2008 10:28:25 AM | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/23/2008 6:05:57 PM | Attr = HS] L2Schemas -> %SystemRoot%\L2Schemas -> [Folder | Modified Date = 7/6/2008 12:39:00 PM | Attr = ] Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 7/14/2008 7:11:10 PM | Attr = ] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 311217362 bytes | Modified Date = 8/21/2008 3:35:28 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> 
[Folder | Modified Date = 7/6/2008 12:54:29 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/21/2008 3:35:37 PM | Attr = ] MSAgent -> %SystemRoot%\MSAgent -> [Folder | Modified Date = 7/6/2008 12:39:01 PM | Attr = ] PolicyDefinitions -> %SystemRoot%\PolicyDefinitions -> [Folder | Modified Date = 7/31/2008 3:07:48 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/24/2008 6:01:28 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/4/2008 7:09:35 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 8/4/2008 9:06:52 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/10/2008 6:46:01 PM | Attr = H ] registration -> %SystemRoot%\registration -> [Folder | Modified Date = 8/10/2008 10:43:19 PM | Attr = ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 8/14/2008 9:11:09 PM | Attr = ] Scwriter.ini -> %SystemRoot%\Scwriter.ini -> [Ver = | Size = 4610 bytes | Modified Date = 8/6/2008 12:53:56 AM | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 7/6/2008 12:39:08 PM | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 8/24/2008 10:28:25 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/10/2008 10:43:20 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/24/2008 6:21:21 PM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 7/6/2008 12:46:29 PM | Attr = RH ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 8/14/2008 9:05:45 PM | Attr = ] Norton AntiVirus - Run Full System Scan - Damian.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Damian.job -> [Ver = | Size = 482 bytes | Modified Date = 8/4/2008 10:45:07 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/24/2008 
10:22:26 AM | Attr = H ] User_Feed_Synchronization-{3AC8466D-0FC7-4549-A531-DFFC20110FF6}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{3AC8466D-0FC7-4549-A531-DFFC20110FF6}.job -> [Ver = | Size = 420 bytes | Modified Date = 8/23/2008 9:38:34 PM | Attr = H ] C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/2/2006 8:01:44 AM | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 8/24/2008 6:00:57 PM | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 8/24/2008 5:56:06 PM | Attr = ] C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2/21/2008 9:29:17 PM | Attr = ] opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2/21/2008 9:29:17 PM | Attr = ] C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 2/23/2008 11:03:20 AM | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 5244 bytes | Modified Date = 8/24/2008 12:15:04 AM | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 8/24/2008 12:15:05 AM | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 8/24/2008 12:15:04 AM | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 4440 bytes | Modified Date = 8/24/2008 12:15:04 AM | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 4140 
bytes | Modified Date = 8/24/2008 12:15:05 AM | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 107068 bytes | Modified Date = 8/24/2008 12:15:04 AM | Attr = ] C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 2/21/2008 8:37:37 PM | Attr = ] Damian.dat -> C:\ProgramData\Microsoft\User Account Pictures\Damian.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/21/2008 8:37:37 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 8/10/2008 5:56:44 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 8/5/2008 5:58:12 PM | Attr = ] Symantec -> %AllUsersProfile%\Symantec -> [Folder | Modified Date = 8/4/2008 11:25:28 PM | Attr = ] Symantec Temporary Files -> %AllUsersProfile%\Symantec Temporary Files -> [Folder | Modified Date = 8/4/2008 7:50:23 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 7/6/2008 11:13:28 AM | Attr = ] Download Manager -> %AppData%\Download Manager -> [Folder | Modified Date = 8/10/2008 5:55:50 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 8/23/2008 7:56:16 PM | Attr = ] IGN_DLM -> %AppData%\IGN_DLM -> [Folder | Modified Date = 7/27/2008 10:30:05 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/10/2008 5:56:48 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 8/10/2008 8:02:54 PM | Attr = S] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 7/13/2008 10:00:31 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 8/23/2008 5:59:06 PM | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Modified Date = 8/23/2008 7:57:00 PM | Attr = ] Apple -> 
%UserProfile%\AppData\Local\Apple -> [Folder | Modified Date = 8/22/2008 9:04:08 PM | Attr = ] Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Modified Date = 8/22/2008 8:54:18 PM | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 1356 bytes | Modified Date = 8/4/2008 7:39:08 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 25600 bytes | Modified Date = 7/10/2008 11:31:12 PM | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 1882021 bytes | Modified Date = 8/14/2008 8:35:34 PM | Attr = H ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 8/24/2008 6:01:27 PM | Attr = ] VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Modified Date = 8/14/2008 7:06:30 PM | Attr = ] {6448F0A6-6813-11D6-A77B-00B0D0160070} -> %UserProfile%\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160070} -> [Folder | Modified Date = 8/23/2008 5:58:03 PM | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Documents\desktop.ini -> [Ver = | Size = 280 bytes | Modified Date = 7/6/2008 12:46:29 PM | Attr = HS] Symantec -> %UserProfile%\Documents\Symantec -> [Folder | Modified Date = 8/4/2008 8:57:01 PM | Attr = ] various_things -> %UserProfile%\Documents\various_things -> [Folder | Modified Date = 7/10/2008 8:57:45 PM | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Desktop\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 7/6/2008 12:46:29 PM | Attr = HS] Download Manager.lnk -> %SystemDrive%\Users\Public\Desktop\Download Manager.lnk -> [Ver = | Size = 831 bytes | Modified Date = 7/27/2008 7:33:25 PM | Attr = ] iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 8/20/2008 7:26:37 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = 
| Size = 820 bytes | Modified Date = 8/23/2008 5:26:44 PM | Attr = ] Norton AntiVirus.lnk -> %SystemDrive%\Users\Public\Desktop\Norton AntiVirus.lnk -> [Ver = | Size = 2199 bytes | Modified Date = 8/4/2008 8:12:34 PM | Attr = ] QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1728 bytes | Modified Date = 8/20/2008 7:24:48 PM | Attr = ] camera backup 4 22 08 -> %UserProfile%\Desktop\camera backup 4 22 08 -> [Folder | Modified Date = 7/10/2008 11:32:06 PM | Attr = ] dad_logo.bmp -> %UserProfile%\Desktop\dad_logo.bmp -> [Ver = | Size = 921654 bytes | Modified Date = 7/31/2008 8:37:22 PM | Attr = ] Fallow(draft one).pdf -> %UserProfile%\Desktop\Fallow(draft one).pdf -> [Ver = | Size = 150553 bytes | Modified Date = 7/10/2008 9:02:51 PM | Attr = ] Fallow_new.BK -> %UserProfile%\Desktop\Fallow_new.BK -> [Ver = | Size = 152086 bytes | Modified Date = 8/24/2008 3:14:33 PM | Attr = ] Fallow_new.SCW -> %UserProfile%\Desktop\Fallow_new.SCW -> [Ver = | Size = 152014 bytes | Modified Date = 8/24/2008 3:21:43 PM | Attr = ] Fallow_v2.pdf -> %UserProfile%\Desktop\Fallow_v2.pdf -> [Ver = | Size = 152815 bytes | Modified Date = 8/11/2008 9:00:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Fallow_v2.pdf:Zone.Identifier Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg -> %UserProfile%\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg -> [Ver = | Size = 72212 bytes | Modified Date = 8/2/2008 2:12:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 8/10/2008 8:33:21 PM | Attr = ] logoTemp.jpg -> %UserProfile%\Desktop\logoTemp.jpg -> [Ver = | Size = 30887 bytes | Modified Date = 7/31/2008 8:40:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Desktop\logoTemp.jpg:Zone.Identifier Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2609 bytes | Modified Date = 8/11/2008 9:01:52 PM | Attr = ] mom_photos -> %UserProfile%\Desktop\mom_photos -> [Folder | Modified Date = 7/24/2008 8:09:21 PM | Attr = ] Notes for Pretensions.doc -> %UserProfile%\Desktop\Notes for Pretensions.doc -> [Ver = | Size = 32256 bytes | Modified Date = 8/11/2008 10:18:11 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/24/2008 6:00:10 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/24/2008 5:56:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier desktop.ini -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 7/6/2008 12:46:29 PM | Attr = HS] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 8/10/2008 7:16:53 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 8/23/2008 6:00:18 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 8/10/2008 8:13:27 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 7/6/2008 12:39:08 PM | Attr = ] < End of report > [/code]