OTViewIt logfile created on: 8/25/2008 6:06:03 PM - Run 7
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4RNRL23
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.82 Gb Available in Paging File | 70.55% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 55.94 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.80 Gb Free Space | 57.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIMMY
Current User Name: Damian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[12/12/2007 01:02 AM | 00,024,064 | ---- | M] () - C:\Windows\System32\WLTRYSVC.EXE
[12/12/2007 01:01 AM | 02,506,752 | ---- | M] (Dell Inc.) - C:\Windows\System32\BCMWLTRY.EXE
[01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[10/25/2007 01:31 PM | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\Apoint.exe
[08/28/2007 12:51 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.)
- C:\Windows\OEM02Mon.exe [12/14/2007 10:53 PM | 00,154,136 | ---- | M] (Intel Corporation) - C:\Windows\System32\hkcmd.exe [12/14/2007 10:53 PM | 00,133,656 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxpers.exe [07/27/2007 05:43 PM | 00,118,784 | ---- | M] (Creative Technology Ltd.) - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [03/21/2007 02:00 PM | 00,174,872 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [12/12/2007 01:02 AM | 03,444,736 | ---- | M] (Dell Inc.) - C:\Windows\System32\WLTRAY.EXE [08/01/2008 10:40 PM | 00,029,744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [12/21/2007 11:58 AM | 00,184,320 | ---- | M] (CyberLink Corp.) - C:\Program Files\Dell\MediaDirect\PCMService.exe [12/14/2007 10:54 PM | 00,252,440 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxsrvc.exe [10/09/2007 07:56 PM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [11/12/2007 06:07 AM | 00,405,504 | ---- | M] (IDT, Inc.) - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [08/23/2008 06:05 PM | 00,171,448 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [11/03/2006 07:02 PM | 00,050,688 | ---- | M] (Avanquest Software ) - C:\Program Files\Digital Line Detect\DLG.exe [09/07/2007 05:27 PM | 01,180,952 | ---- | M] (Dell Inc.) 
- C:\Program Files\Dell\QuickSet\quickset.exe [11/12/2007 06:07 AM | 00,073,728 | ---- | M] (Andrea Electronics Corporation) - C:\Windows\System32\AEstSrv.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [07/24/2007 04:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe [03/21/2007 02:00 PM | 00,355,096 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [11/05/2006 12:13 PM | 00,159,744 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [08/01/2008 10:40 PM | 00,029,744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [10/09/2007 07:56 PM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe [11/12/2007 06:07 AM | 00,102,400 | ---- | M] (IDT, Inc.) - C:\Windows\System32\stacsv.exe [08/04/2006 07:39 PM | 00,386,560 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\XAudio.exe [07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe [09/07/2007 01:49 AM | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApMsgFwd.exe [09/07/2007 01:49 AM | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApntEx.exe [09/07/2007 01:50 AM | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\hidfind.exe [02/09/2008 07:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [08/04/2008 08:10 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [03/24/2008 09:32 PM | 00,218,496 | R--- | M] (Adobe Systems, Inc.) - C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe [08/25/2008 05:59 PM | 00,139,264 | ---- | M] (Kaspersky Lab.) 
- C:\Users\Damian\AppData\Local\Temp\Low\jkos-Damian\binaries\ScanningProcess.exe [08/25/2008 05:59 PM | 00,139,264 | ---- | M] (Kaspersky Lab.) - C:\Users\Damian\AppData\Local\Temp\Low\jkos-Damian\binaries\ScanningProcess.exe [08/25/2008 06:05 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4RNRL23\OTViewIt[2].exe ===== Win32 Services - Non-Microsoft Only ===== (AESTFilters) Andrea ST Filters Service [Auto | Running] [11/12/2007 06:07 AM | 00,073,728 | ---- | M] (Andrea Electronics Corporation) - C:\Windows\System32\AEstSrv.exe (Apple Mobile Device) Apple Mobile Device [Auto | Running] [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] [02/09/2008 07:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Bonjour Service) Bonjour Service [Auto | Running] [07/24/2007 04:17 PM | 00,229,376 | ---- | M] (Apple Inc.) 
- C:\Program Files\Bonjour\mDNSResponder.exe (ccEvtMgr) Symantec Event Manager [Auto | Running] [01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (ccSetMgr) Symantec Settings Manager [Auto | Running] [01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (CertPropSvc) Certificate Propagation [Unknown | Stopped] File not found - %SystemRoot%\system32\svchost.exe (CLTNetCnService) Symantec Lic NetConnect service [Auto | Running] [01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (DcomLaunch) DCOM Server Process Launcher [Unknown | Running] File not found - %SystemRoot%\system32\svchost.exe (GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [On_Demand | Stopped] [08/01/2008 10:40 PM | 00,029,744 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (gusvc) Google Updater Service [On_Demand | Stopped] [08/23/2008 06:05 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] [03/21/2007 02:00 PM | 00,355,096 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] [10/22/2004 04:24 AM | 00,073,728 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (idsvc) Windows CardSpace [Unknown | Running] File not found - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (iPod Service) iPod Service [On_Demand | Running] [07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) 
- C:\Program Files\iPod\bin\iPodService.exe (LiveUpdate) LiveUpdate [On_Demand | Stopped] [08/04/2008 11:20 AM | 03,220,856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (LiveUpdate Notice) LiveUpdate Notice [Auto | Running] [01/25/2008 08:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] [08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\Msdtc (RoxMediaDB9) RoxMediaDB9 [On_Demand | Stopped] [11/05/2006 12:15 PM | 00,880,640 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (RoxWatch9) Roxio Hard Drive Watcher 9 [Auto | Running] [11/05/2006 12:13 PM | 00,159,744 | ---- | M] (Sonic Solutions) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Schedule) Task Scheduler [Unknown | Running] File not found - %systemroot%\system32\svchost.exe (SCPolicySvc) Smart Card Removal Policy [Unknown | Stopped] File not found - %SystemRoot%\system32\svchost.exe (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running] [10/09/2007 07:56 PM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (STacSV) SigmaTel Audio Service [Auto | Running] [11/12/2007 06:07 AM | 00,102,400 | ---- | M] (IDT, Inc.) - C:\Windows\System32\stacsv.exe (stllssvr) stllssvr [On_Demand | Stopped] [09/14/2006 03:54 PM | 00,073,728 | ---- | M] (MicroVision Development, Inc.) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (Symantec Core LC) Symantec Core LC [On_Demand | Running] [08/04/2008 08:10 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped] [01/29/2008 04:09 PM | 00,394,704 | ---- | M] (Symantec, Inc.) 
- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (TrustedInstaller) Windows Modules Installer [Unknown | Stopped] File not found - %SystemRoot%\servicing\TrustedInstaller.exe (WdiServiceHost) Diagnostic Service Host [Unknown | Stopped] File not found - %SystemRoot%\System32\svchost.exe (WdiSystemHost) Diagnostic System Host [Unknown | Running] File not found - %SystemRoot%\System32\svchost.exe (wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running] [12/12/2007 01:02 AM | 00,024,064 | ---- | M] () - C:\Windows\System32\WLTRYSVC.EXE (XAudioService) XAudioService [Auto | Running] [08/04/2006 07:39 PM | 00,386,560 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\XAudio.exe ===== Driver Services - Non-Microsoft Only ===== (adp94xx) adp94xx [Disabled | Stopped] [11/02/2006 04:51 AM | 00,420,968 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adp94xx.sys (adpahci) adpahci [Disabled | Stopped] [11/02/2006 04:51 AM | 00,297,576 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpahci.sys (adpu160m) adpu160m [Disabled | Stopped] [11/02/2006 04:50 AM | 00,098,408 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu160m.sys (adpu320) adpu320 [Disabled | Stopped] [11/02/2006 04:51 AM | 00,147,048 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu320.sys (aic78xx) aic78xx [Disabled | Stopped] [11/02/2006 04:50 AM | 00,071,272 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\djsvs.sys (aliide) aliide [Disabled | Stopped] [02/11/2008 01:44 PM | 00,017,592 | ---- | M] (Acer Laboratories Inc.) - C:\Windows\System32\drivers\aliide.sys (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [On_Demand | Running] [12/26/2007 08:02 PM | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) - C:\Windows\System32\drivers\Apfiltr.sys (arc) arc [Disabled | Stopped] [11/02/2006 04:50 AM | 00,067,688 | ---- | M] (Adaptec, Inc.) 
- C:\Windows\System32\drivers\arc.sys (arcsas) arcsas [Disabled | Stopped] [11/02/2006 04:50 AM | 00,067,688 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arcsas.sys (BCM42RLY) BCM42RLY [On_Demand | Stopped] File not found - C:\Windows\System32\drivers\BCM42RLY.sys (BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running] [12/12/2007 01:02 AM | 01,044,984 | ---- | M] (Broadcom Corp.) - C:\Windows\System32\drivers\BCMWL6.SYS (blbdrive) blbdrive [Disabled | Stopped] File not found - C:\Windows\system32\drivers\blbdrive.sys (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [On_Demand | Stopped] [11/02/2006 03:24 AM | 00,013,568 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltLo.sys (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [On_Demand | Stopped] [11/02/2006 03:24 AM | 00,005,248 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltUp.sys (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Disabled | Stopped] [11/02/2006 03:25 AM | 00,071,808 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerId.sys (BrSerWdm) Brother WDM Serial driver [Disabled | Stopped] [11/02/2006 03:24 AM | 00,062,336 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerWdm.sys (BrUsbMdm) Brother MFC USB Fax Only Modem [Disabled | Stopped] [11/02/2006 03:24 AM | 00,012,160 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbMdm.sys (BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped] [11/02/2006 03:24 AM | 00,011,904 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbSer.sys (CLFS) Common Log (CLFS) [Unknown | Running] File not found - (cmdide) cmdide [Disabled | Stopped] [02/11/2008 01:44 PM | 00,019,128 | ---- | M] (CMD Technology, Inc.) 
- C:\Windows\System32\drivers\cmdide.sys (COH_Mon) COH_Mon [On_Demand | Stopped] [07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\COH_Mon.sys (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [On_Demand | Stopped] [11/02/2006 02:30 AM | 00,200,704 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\e1e6032.sys (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [On_Demand | Stopped] [11/02/2006 02:30 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\E1G60I32.sys (eeCtrl) Symantec Eraser Control driver [System | Running] [08/20/2008 03:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (elxstor) elxstor [Disabled | Stopped] [11/02/2006 04:51 AM | 00,316,520 | ---- | M] (Emulex) - C:\Windows\System32\drivers\elxstor.sys (EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running] [08/20/2008 03:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (GEARAspiWDM) GEARAspiWDM [On_Demand | Running] [01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\Windows\System32\drivers\GEARAspiWDM.sys (HpCISSs) HpCISSs [Disabled | Stopped] [11/02/2006 04:50 AM | 00,037,480 | ---- | M] (Hewlett-Packard Company) - C:\Windows\System32\drivers\HpCISSs.sys (HSF_DPV) HSF_DPV [On_Demand | Running] [11/02/2006 09:43 PM | 00,986,624 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\HSX_DPV.sys (HSXHWAZL) HSXHWAZL [On_Demand | Running] [11/02/2006 09:42 PM | 00,206,848 | ---- | M] (Conexant Systems, Inc.) 
- C:\Windows\System32\drivers\HSXHWAZL.sys (iaStor) Intel AHCI Controller [Boot | Running] [09/06/2007 11:43 AM | 00,304,920 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStor.sys (iaStorV) Intel RAID Controller Vista [Disabled | Stopped] [11/02/2006 04:51 AM | 00,232,040 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStorV.sys (IDSvix86) Symantec Intrusion Prevention Driver [System | Running] [03/20/2008 03:37 PM | 00,261,680 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080825.001\IDSvix86.sys (igfx) igfx [On_Demand | Running] [12/14/2007 10:53 PM | 01,674,240 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\igdkmd32.sys (iirsp) iirsp [Disabled | Stopped] [11/02/2006 04:50 AM | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) - C:\Windows\System32\drivers\iirsp.sys (IntcHdmiAddService) Intel(R) High Definition Audio HDMI Service [On_Demand | Running] [12/14/2007 10:54 PM | 00,111,104 | ---- | M] (Intel(R) Corporation) - C:\Windows\System32\drivers\IntcHdmi.sys (IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped] File not found - C:\Windows\System32\DRIVERS\ipinip.sys (iteatapi) ITEATAPI_Service_Install [Disabled | Stopped] [11/02/2006 04:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteatapi.sys (iteraid) ITERAID_Service_Install [Disabled | Stopped] [11/02/2006 04:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
- C:\Windows\System32\drivers\iteraid.sys (LSI_FC) LSI_FC [Disabled | Stopped] [11/02/2006 04:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_fc.sys (LSI_SAS) LSI_SAS [Disabled | Stopped] [11/02/2006 04:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_sas.sys (LSI_SCSI) LSI_SCSI [Disabled | Stopped] [11/02/2006 04:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_scsi.sys (mdmxsdk) mdmxsdk [Auto | Running] [06/19/2006 04:26 PM | 00,012,672 | ---- | M] (Conexant) - C:\Windows\System32\drivers\mdmxsdk.sys (megasas) megasas [Disabled | Stopped] [11/02/2006 04:49 AM | 00,028,776 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\megasas.sys (Mraid35x) Mraid35x [Disabled | Stopped] [11/02/2006 04:49 AM | 00,033,384 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\Mraid35x.sys (NAVENG) NAVENG [On_Demand | Running] [08/20/2008 03:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\VirusDefs\20080825.003\naveng.sys (NAVEX15) NAVEX15 [On_Demand | Running] [08/20/2008 03:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\ProgramData\Symantec\Definitions\VirusDefs\20080825.003\navex15.sys (nfrd960) nfrd960 [Disabled | Stopped] [11/02/2006 04:50 AM | 00,045,160 | ---- | M] (IBM Corporation) - C:\Windows\System32\drivers\nfrd960.sys (ntrigdigi) N-trig HID Tablet Driver [Disabled | Stopped] [11/02/2006 02:36 AM | 00,020,608 | ---- | M] (N-trig Innovative Technologies) - C:\Windows\System32\drivers\ntrigdigi.sys (nvraid) nvraid [Disabled | Stopped] [11/02/2006 04:50 AM | 00,088,680 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvraid.sys (nvstor) nvstor [Disabled | Stopped] [11/02/2006 04:50 AM | 00,040,040 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvstor.sys (NwlnkFlt) IPX Traffic Filter Driver [On_Demand | Stopped] File not found - C:\Windows\System32\DRIVERS\nwlnkflt.sys 
(NwlnkFwd) IPX Traffic Forwarder Driver [On_Demand | Stopped] File not found - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (OEM02Dev) Creative Camera OEM002 Driver [On_Demand | Running] [10/10/2007 05:03 PM | 00,235,648 | ---- | M] (Creative Technology Ltd.) - C:\Windows\System32\drivers\OEM02Dev.sys (OEM02Vfx) Creative Camera OEM002 Video VFX Driver [On_Demand | Running] [08/28/2007 12:51 AM | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) - C:\Windows\System32\drivers\OEM02Vfx.sys (PxHelp20) PxHelp20 [Boot | Running] [07/24/2006 04:00 AM | 00,036,528 | ---- | M] (Sonic Solutions) - C:\Windows\System32\drivers\pxhelp20.sys (ql2300) QLogic Fibre Channel Miniport Driver [Disabled | Stopped] [11/02/2006 04:51 AM | 00,900,712 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql2300.sys (ql40xx) QLogic iSCSI Miniport Driver [Disabled | Stopped] [11/02/2006 04:50 AM | 00,106,088 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql40xx.sys (R300) R300 [On_Demand | Stopped] [11/02/2006 02:36 AM | 02,028,032 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\drivers\atikmdag.sys (rimmptsk) rimmptsk [Auto | Running] [09/06/2007 11:35 AM | 00,039,936 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimmptsk.sys (rimsptsk) rimsptsk [Auto | Running] [09/06/2007 11:35 AM | 00,042,496 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimsptsk.sys (rismxdp) Ricoh xD-Picture Card Driver [Auto | Running] [09/06/2007 11:35 AM | 00,037,376 | ---- | M] (REDC) - C:\Windows\System32\drivers\rixdptsk.sys (secdrv) Security Driver [Auto | Running] [11/02/2006 01:37 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\Windows\System32\drivers\secdrv.sys (SiSRaid2) SiSRaid2 [Disabled | Stopped] [11/02/2006 04:50 AM | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) 
- C:\Windows\System32\drivers\sisraid2.sys (SiSRaid4) SiSRaid4 [Disabled | Stopped] [11/02/2006 04:50 AM | 00,071,784 | ---- | M] (Silicon Integrated Systems) - C:\Windows\System32\drivers\sisraid4.sys (SPBBCDrv) SPBBCDrv [System | Running] [01/16/2008 11:05 PM | 00,447,024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SRTSP) SRTSP [System | Running] [01/31/2008 08:51 PM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtsp.sys (SRTSPL) SRTSPL [On_Demand | Stopped] [01/31/2008 08:51 PM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtspl.sys (SRTSPX) SRTSPX [System | Running] [01/31/2008 08:51 PM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\srtspx.sys (STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running] [11/12/2007 06:07 AM | 00,330,240 | ---- | M] (IDT, Inc.) - C:\Windows\System32\drivers\stwrt.sys (Symc8xx) Symc8xx [Disabled | Stopped] [11/02/2006 04:50 AM | 00,035,944 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\symc8xx.sys (SYMDNS) SYMDNS [On_Demand | Running] [06/13/2008 02:13 PM | 00,013,616 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symdns.sys (SymEvent) SymEvent [On_Demand | Running] [08/04/2008 10:41 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SYMEVENT.SYS (SYMFW) SYMFW [On_Demand | Running] [06/13/2008 02:13 PM | 00,096,432 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symfw.sys (SymIM) Symantec Network Security Intermediate Filter Driver [System | Running] [06/13/2008 02:14 PM | 00,024,112 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SymIMV.sys (SYMNDISV) SYMNDISV [On_Demand | Running] [06/13/2008 02:13 PM | 00,041,008 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symndisv.sys (SYMREDRV) SYMREDRV [On_Demand | Running] [06/13/2008 02:13 PM | 00,022,320 | ---- | M] 
(Symantec Corporation) - C:\Windows\System32\drivers\symredrv.sys (SYMTDI) SYMTDI [System | Running] [06/13/2008 02:13 PM | 00,184,240 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\symtdi.sys (Sym_hi) Sym_hi [Disabled | Stopped] [11/02/2006 04:49 AM | 00,031,848 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_hi.sys (Sym_u3) Sym_u3 [Disabled | Stopped] [11/02/2006 04:50 AM | 00,034,920 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_u3.sys (uliahci) uliahci [Disabled | Stopped] [11/02/2006 04:51 AM | 00,235,112 | ---- | M] (ULi Electronics Inc.) - C:\Windows\System32\drivers\uliahci.sys (UlSata) UlSata [Disabled | Stopped] [11/02/2006 04:50 AM | 00,098,408 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata.sys (ulsata2) ulsata2 [Disabled | Stopped] [11/02/2006 04:50 AM | 00,115,816 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata2.sys (viaide) viaide [Disabled | Stopped] [02/11/2008 01:44 PM | 00,020,152 | ---- | M] (VIA Technologies, Inc.) - C:\Windows\System32\drivers\viaide.sys (vsmraid) vsmraid [Disabled | Stopped] [11/02/2006 04:50 AM | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) - C:\Windows\System32\drivers\vsmraid.sys (winachsf) winachsf [On_Demand | Running] [11/02/2006 09:42 PM | 00,659,968 | ---- | M] (Conexant Systems, Inc.) - C:\Windows\System32\drivers\HSX_CNXT.sys (XAudio) XAudio [Auto | Running] [08/04/2006 07:39 PM | 00,008,192 | ---- | M] (Conexant Systems, Inc.) 
- C:\Windows\System32\drivers\XAudio.sys (yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running] [12/06/2007 09:51 AM | 00,298,496 | ---- | M] (Marvell) - C:\Windows\System32\drivers\yk60x86.sys ===== Run Keys ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "" = File not found "Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated) "Apoint" = C:\Program Files\DellTPad\Apoint.exe [10/25/2007 01:31 PM | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) "AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) "Broadcom Wireless Manager UI" = C:\Windows\system32\WLTRAY.exe [12/12/2007 01:02 AM | 03,444,736 | ---- | M] (Dell Inc.) "ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM | 00,051,048 | ---- | M] (Symantec Corporation) "DELL Webcam Manager" = "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [07/27/2007 05:43 PM | 00,118,784 | ---- | M] (Creative Technology Ltd.) "DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [10/09/2007 07:56 PM | 00,202,544 | ---- | M] (SupportSoft, Inc.) 
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 07:57 PM | 00,016,384 | ---- | M] ( ) "Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [08/01/2008 10:40 PM | 00,029,744 | ---- | M] (Google) "HotKeysCmds" = C:\Windows\system32\hkcmd.exe [12/14/2007 10:53 PM | 00,154,136 | ---- | M] (Intel Corporation) "IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/21/2007 02:00 PM | 00,174,872 | ---- | M] (Intel Corporation) "IgfxTray" = C:\Windows\system32\igfxtray.exe [12/14/2007 10:54 PM | 00,137,752 | ---- | M] (Intel Corporation) "ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [10/03/2006 12:37 PM | 00,081,920 | ---- | M] (Macrovision Corporation) "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) "OEM02Mon.exe" = C:\Windows\OEM02Mon.exe [08/28/2007 12:51 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.) "PCMService" = "C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 11:58 AM | 00,184,320 | ---- | M] (CyberLink Corp.) "Persistence" = C:\Windows\system32\igfxpers.exe [12/14/2007 10:53 PM | 00,133,656 | ---- | M] (Intel Corporation) "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.) "SigmatelSysTrayApp" = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [11/12/2007 06:07 AM | 00,405,504 | ---- | M] (IDT, Inc.) "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [10/09/2007 07:56 PM | 00,202,544 | ---- | M] (SupportSoft, Inc.) "igndlm.exe" = C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [03/05/2007 04:57 PM | 01,103,480 | ---- | M] (IGN Entertainment) "swg" = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [08/23/2008 06:05 PM | 00,171,448 | ---- | M] (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. ===== Startup Folders ===== ===== BHO's ===== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] HKLM CLSID: (Symantec Intrusion Prevention) - [08/04/2008 08:11 PM | 00,116,088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) 
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] HKLM CLSID: (Google Toolbar Helper) - [08/23/2008 06:05 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] HKLM CLSID: (CBrowserHelperObject Object) - [11/09/2006 10:56 AM | 00,098,304 | ---- | M] (Dell Inc.) C:\Program Files\Dell\BAE\BAE.dll ===== Toolbars ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [08/23/2008 06:05 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" HKLM CLSID: (Easy-WebPrint) - [04/16/2004 07:43 PM | 00,405,504 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [08/23/2008 06:05 PM | 02,403,392 | R--- | M] (Google Inc.) 
c:\Program Files\Google\GoogleToolbar2.dll ===== Policies ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "ConsentPromptBehaviorAdmin" = 2 "ConsentPromptBehaviorUser" = 1 "EnableInstallerDetection" = 1 "EnableLUA" = 1 "EnableSecureUIAPaths" = 1 "EnableVirtualization" = 1 "PromptOnSecureDesktop" = 1 "ValidateAdminCodeSignatures" = 0 "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "scforceoption" = 0 "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 "FilterAdministratorToken" = 0 "EnableUIADesktopToggle" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats] "CF_TEXT" = 1 "CF_BITMAP" = 2 "CF_OEMTEXT" = 7 "CF_DIB" = 8 "CF_PALETTE" = 9 "CF_UNICODETEXT" = 13 "CF_DIBV5" = 17 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] Unable to open key or key not present! [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! 
===== Desktop Components =====
===== Shared Task Scheduler =====
===== AppInit_Dlls =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" - [08/01/2008 10:40 PM | 00,113,664 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
===== Lsa Authentication Packages =====
===== Lsa Security Packages =====
===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
Unable to open key or key not present!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Unable to open key or key not present!
===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [01/19/2008 02:33 AM | 02,927,104 | ---- | M] (Microsoft Corporation) C:\Windows\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\Windows\system32\userinit.exe" - [01/19/2008 02:33 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\Windows\System32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [01/19/2008 02:32 AM | 00,242,688 | ---- | M] (Microsoft Corporation) C:\Windows\System32\sysdm.cpl
===== User's Winlogon Settings =====
===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\Windows\System32\igfxdev.dll [12/14/2007 10:53 PM | 00,204,800 | ---- | M] (Intel Corporation)
===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"bootini" = 2
===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{13538EA0-26FD-4981-AE76-9E3CA017F7C4}]
Servers: | Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E7B44AD6-7076-414A-9900-43204041EE3E}]
Servers: | Description: Dell Wireless 1395 WLAN Mini-Card
===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
===== Autorun Files on Drives =====
autoexec.bat [REM Dummy file for NTVDM | ]
[09/18/2006 04:43 PM | 00,000,024 | ---- | M] () C:\autoexec.bat [ NTFS ]
===== MountPoints2 =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972351-4fa4-11dd-8473-001d093d2e48}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972351-4fa4-11dd-8473-001d093d2e48}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972351-4fa4-11dd-8473-001d093d2e48}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972356-4fa4-11dd-8473-001d093d2e48}\Shell]
"" = AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972356-4fa4-11dd-8473-001d093d2e48}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972356-4fa4-11dd-8473-001d093d2e48}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972356-4fa4-11dd-8473-001d093d2e48}\Shell\AutoRun]
"" = Install or run program
"SetWorkingDirectoryFromTarget" =
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c972356-4fa4-11dd-8473-001d093d2e48}\Shell\AutoRun\command]
"" = G:\LaunchU3.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1cc417e-e0ea-11dc-90a2-001d093d2e48}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1cc417e-e0ea-11dc-90a2-001d093d2e48}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1cc417e-e0ea-11dc-90a2-001d093d2e48}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2212551-e22d-11dc-b4b4-001d093d2e48}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2212551-e22d-11dc-b4b4-001d093d2e48}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2212551-e22d-11dc-b4b4-001d093d2e48}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a28413-0330-11dd-9b08-001d093d2e48}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a28413-0330-11dd-9b08-001d093d2e48}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/23/2008 11:58 PM | 11,580,416 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a28413-0330-11dd-9b08-001d093d2e48}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
===== Hosts File =====
HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
[Files/Folders - Created Within 30 days]
[08/24/2008 10:22 AM | -HSD | C] - C:\Config.Msi
[08/25/2008 08:00 AM | 21,370,42944 | -HS- | C] () - C:\hiberfil.sys
[08/04/2008 10:41 PM | 00,000,805 | ---- | C] () - C:\Windows\System32\drivers\SYMEVENT.INF
[08/04/2008 10:41 PM | 00,010,671 | ---- | C] () - C:\Windows\System32\drivers\SYMEVENT.CAT
[08/04/2008 10:41 PM | 00,123,952 | ---- | C] (Symantec Corporation) - C:\Windows\System32\drivers\SYMEVENT.SYS
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[12/26/2007 08:02 PM | 00,164,400 | ---- | C] (Alps Electric Co., Ltd.) - C:\Windows\System32\drivers\Apfiltr.sys
[05/26/2008 11:59 PM | 00,018,904 | ---- | C] () - C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[05/26/2008 11:59 PM | 00,106,605 | ---- | C] () - C:\Windows\System32\StructuredQuerySchema.bin
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\Windows\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\Windows\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\Windows\System32\javaws.exe
[08/22/2008 12:36 AM | ---D | C] - C:\Windows\System32\SmitfraudFix
[11/08/2007 04:04 AM | 11,967,524 | ---- | C] () - C:\Windows\System32\korwbrkr.lex
[08/04/2008 07:09 PM | ---D | C] - C:\Windows\pss
[08/04/2008 10:45 PM | 00,000,482 | ---- | C] () - C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Damian.job
[08/04/2008 07:50 PM | ---D | C] - C:\ProgramData\Symantec Temporary Files
[08/04/2008 11:25 PM | ---D | C] - C:\ProgramData\Symantec
[08/05/2008 05:58 PM | ---D | C] - C:\ProgramData\SUPERAntiSpyware.com
[08/10/2008 05:56 PM | ---D | C] - C:\ProgramData\Malwarebytes
[07/27/2008 10:30 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\IGN_DLM
[08/10/2008 05:55 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\Download Manager
[08/10/2008 05:56 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\Malwarebytes
[08/23/2008 05:59 PM | ---D | C] - C:\Users\Damian\AppData\Roaming\SUPERAntiSpyware.com
[08/04/2008 07:39 PM | 00,001,356 | ---- | C] () - C:\Users\Damian\AppData\Local\d3d9caps.dat
[08/22/2008 08:54 PM | ---D | C] - C:\Users\Damian\AppData\Local\Apple Computer
[08/22/2008 09:04 PM | ---D | C] - C:\Users\Damian\AppData\Local\Apple
[08/23/2008 05:58 PM | ---D | C] - C:\Users\Damian\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160070}
[08/23/2008 07:57 PM | ---D | C] - C:\Users\Damian\AppData\Local\Adobe
[08/24/2008 11:15 PM | 01,884,391 | -H-- | C] () - C:\Users\Damian\AppData\Local\IconCache.db
[08/04/2008 08:57 PM | ---D | C] - C:\Users\Damian\Documents\Symantec
[07/27/2008 07:33 PM | 00,000,831 | ---- | C] () - C:\Users\Public\Desktop\Download Manager.lnk
[08/04/2008 08:12 PM | 00,002,199 | ---- | C] () - C:\Users\Public\Desktop\Norton AntiVirus.lnk
[08/20/2008 07:24 PM | 00,001,728 | ---- | C] () - C:\Users\Public\Desktop\QuickTime Player.lnk
[08/20/2008 07:26 PM | 00,001,804 | ---- | C] () - C:\Users\Public\Desktop\iTunes.lnk
[08/23/2008 05:26 PM | 00,000,820 | ---- | C] () - C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[07/31/2008 08:37 PM | 00,921,654 | ---- | C] () - C:\Users\Damian\Desktop\dad_logo.bmp
[07/31/2008 08:40 PM | 00,030,887 | ---- | C] () - C:\Users\Damian\Desktop\logoTemp.jpg
[08/02/2008 02:12 PM | 00,072,212 | ---- | C] () - C:\Users\Damian\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg
[08/10/2008 08:33 PM | 00,001,876 | ---- | C] () - C:\Users\Damian\Desktop\HijackThis.lnk
[08/11/2008 09:00 PM | 00,152,815 | ---- | C] () - C:\Users\Damian\Desktop\Fallow_v2.pdf
[08/11/2008 10:18 PM | 00,032,256 | ---- | C] () - C:\Users\Damian\Desktop\Notes for Pretensions.doc
[08/24/2008 03:14 PM | 00,152,086 | ---- | C] () - C:\Users\Damian\Desktop\Fallow_new.BK
[08/24/2008 03:21 PM | 00,152,014 | ---- | C] () - C:\Users\Damian\Desktop\Fallow_new.SCW
[08/24/2008 11:09 PM | 00,010,765 | ---- | C] () - C:\Users\Damian\Desktop\Medela Pump in Style with shoulder bag.jpg
[08/10/2008 07:16 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/10/2008 08:13 PM | ---D | C] - C:\Program Files\Common Files\Symantec Shared
[08/23/2008 06:00 PM | ---D | C] - C:\Program Files\Common Files\Java
[07/27/2008 07:33 PM | ---D | C] - C:\Program Files\Download Manager
[08/04/2008 06:47 PM | ---D | C] - C:\Program Files\Enigma Software Group
[08/04/2008 08:14 PM | ---D | C] - C:\Program Files\Norton AntiVirus
[08/04/2008 10:41 PM | ---D | C] - C:\Program Files\Symantec
[08/10/2008 08:33 PM | ---D | C] - C:\Program Files\Trend Micro
[08/20/2008 07:24 PM | ---D | C] - C:\Program Files\QuickTime
[08/20/2008 07:26 PM | ---D | C] - C:\Program Files\iPod
[08/20/2008 07:26 PM | ---D | C] - C:\Program Files\iTunes
[08/20/2008 07:27 PM | ---D | C] - C:\Program Files\Apple Software Update
[08/23/2008 05:26 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/23/2008 05:32 PM | ---D | C] - C:\Program Files\Applications
[08/23/2008 05:58 PM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[Files/Folders - Modified Within 30 days]
[08/10/2008 05:56 PM | -H-D | M] - C:\ProgramData
[08/10/2008 07:58 PM | ---D | M] - C:\DELL
[08/20/2008 07:27 PM | R--D | M] - C:\Program Files
[08/21/2008 03:36 PM | ---D | M] - C:\Windows
[08/23/2008 06:26 PM | -HSD | M] - C:\System Volume Information
[08/24/2008 10:22 AM | -HSD | M] - C:\Config.Msi
[08/25/2008 08:00 AM | 21,370,42944 | -HS- | M] () - C:\hiberfil.sys
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\Windows\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\Windows\System32\drivers\coh_mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\COH_Mon.sys
[08/04/2008 06:36 PM | ---D | M] - C:\Windows\System32\drivers\etc
[08/04/2008 10:41 PM | 00,000,805 | ---- | M] () - C:\Windows\System32\drivers\SYMEVENT.INF
[08/04/2008 10:41 PM | 00,010,671 | ---- | M] () - C:\Windows\System32\drivers\SYMEVENT.CAT
[08/04/2008 10:41 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\Windows\System32\drivers\SYMEVENT.SYS
[08/10/2008 09:11 PM | ---D | M] - C:\Windows\System32\drivers\UMDF
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[08/04/2008 11:29 PM | ---D | M] - C:\Windows\System32\WDI
[08/10/2008 09:08 PM | ---D | M] - C:\Windows\System32\LogFiles
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\CodeIntegrity
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\config
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\Msdtc
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\spool
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\System32\wbem
[08/14/2008 08:39 PM | ---D | M] - C:\Windows\System32\catroot2
[08/14/2008 08:54 PM | ---D | M] - C:\Windows\System32\en-US
[08/14/2008 08:54 PM | ---D | M] - C:\Windows\System32\migration
[08/20/2008 07:22 PM | ---D | M] - C:\Windows\System32\catroot
[08/20/2008 07:27 PM | ---D | M] - C:\Windows\System32\Tasks
[08/22/2008 12:36 AM | ---D | M] - C:\Windows\System32\SmitfraudFix
[08/23/2008 05:26 PM | ---D | M] - C:\Windows\System32\drivers
[08/25/2008 06:00 PM | 00,003,552 | -H-- | M] () - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[08/25/2008 06:00 PM | 00,003,552 | -H-- | M] () - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[08/25/2008 08:05 AM | 00,101,350 | ---- | M] () - C:\Windows\System32\perfc009.dat
[08/25/2008 08:05 AM | 00,595,684 | ---- | M] () - C:\Windows\System32\perfh009.dat
[08/25/2008 08:05 AM | 00,690,960 | ---- | M] () - C:\Windows\System32\PerfStringBackup.INI
[07/31/2008 03:07 AM | ---D | M] - C:\Windows\PolicyDefinitions
[08/04/2008 07:09 PM | ---D | M] - C:\Windows\pss
[08/04/2008 09:06 PM | 00,001,409 | ---- | M] () - C:\Windows\QTFont.for
[08/05/2008 07:27 PM | --SD | M] - C:\Windows\Downloaded Program Files
[08/06/2008 12:53 AM | 00,004,610 | ---- | M] () - C:\Windows\Scwriter.ini
[08/10/2008 06:46 PM | 00,054,156 | -H-- | M] () - C:\Windows\QTFont.qfn
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\registration
[08/10/2008 10:43 PM | ---D | M] - C:\Windows\Tasks
[08/14/2008 08:36 PM | ---D | M] - C:\Windows\AppPatch
[08/14/2008 09:05 PM | ---D | M] - C:\Windows\winsxs
[08/14/2008 09:11 PM | ---D | M] - C:\Windows\rescache
[08/21/2008 03:35 PM | 31,121,7362 | ---- | M] () - C:\Windows\MEMORY.DMP
[08/21/2008 03:35 PM | ---D | M] - C:\Windows\Minidump
[08/23/2008 06:05 PM | -HSD | M] - C:\Windows\Installer
[08/25/2008 06:05 PM | ---D | M] - C:\Windows\Temp
[08/25/2008 06:06 PM | ---D | M] - C:\Windows\Prefetch
[08/25/2008 08:00 AM | 00,067,584 | --S- | M] () - C:\Windows\bootstat.dat
[08/25/2008 08:05 AM | ---D | M] - C:\Windows\inf
[08/25/2008 08:05 AM | ---D | M] - C:\Windows\System32
[08/04/2008 10:45 PM | 00,000,482 | ---- | M] () - C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Damian.job
[08/24/2008 10:19 PM | 00,000,420 | -H-- | M] () - C:\Windows\tasks\User_Feed_Synchronization-{3AC8466D-0FC7-4549-A531-DFFC20110FF6}.job
[08/25/2008 08:01 AM | 00,000,006 | -H-- | M] () - C:\Windows\tasks\SA.DAT
[08/04/2008 07:50 PM | ---D | M] - C:\ProgramData\Symantec Temporary Files
[08/04/2008 11:25 PM | ---D | M] - C:\ProgramData\Symantec
[08/05/2008 05:58 PM | ---D | M] - C:\ProgramData\SUPERAntiSpyware.com
[08/10/2008 05:56 PM | ---D | M] - C:\ProgramData\Malwarebytes
[07/27/2008 10:30 PM | ---D | M] - C:\Users\Damian\AppData\Roaming\IGN_DLM
[08/10/2008 05:55 PM | ---D | M] - C:\Users\Damian\AppData\Roaming\Download Manager
[08/10/2008 05:56 PM | ---D | M] - C:\Users\Damian\AppData\Roaming\Malwarebytes
[08/10/2008 08:02 PM | --SD | M] - C:\Users\Damian\AppData\Roaming\Microsoft
[08/23/2008 05:59 PM | ---D | M] - C:\Users\Damian\AppData\Roaming\SUPERAntiSpyware.com
[08/23/2008 07:56 PM | ---D | M] - C:\Users\Damian\AppData\Roaming\Google
[08/04/2008 07:39 PM | 00,001,356 | ---- | M] () - C:\Users\Damian\AppData\Local\d3d9caps.dat
[08/14/2008 07:06 PM | ---D | M] - C:\Users\Damian\AppData\Local\VirtualStore
[08/22/2008 08:54 PM | ---D | M] - C:\Users\Damian\AppData\Local\Apple Computer
[08/22/2008 09:04 PM | ---D | M] - C:\Users\Damian\AppData\Local\Apple
[08/23/2008 05:58 PM | ---D | M] - C:\Users\Damian\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160070}
[08/23/2008 07:57 PM | ---D | M] - C:\Users\Damian\AppData\Local\Adobe
[08/24/2008 11:15 PM | 01,884,391 | -H-- | M] () - C:\Users\Damian\AppData\Local\IconCache.db
[08/25/2008 05:56 PM | ---D | M] - C:\Users\Damian\AppData\Local\Temp
[08/04/2008 08:57 PM | ---D | M] - C:\Users\Damian\Documents\Symantec
[07/27/2008 07:33 PM | 00,000,831 | ---- | M] () - C:\Users\Public\Desktop\Download Manager.lnk
[08/04/2008 08:12 PM | 00,002,199 | ---- | M] () - C:\Users\Public\Desktop\Norton AntiVirus.lnk
[08/20/2008 07:24 PM | 00,001,728 | ---- | M] () - C:\Users\Public\Desktop\QuickTime Player.lnk
[08/20/2008 07:26 PM | 00,001,804 | ---- | M] () - C:\Users\Public\Desktop\iTunes.lnk
[08/23/2008 05:26 PM | 00,000,820 | ---- | M] () - C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[07/31/2008 08:37 PM | 00,921,654 | ---- | M] () - C:\Users\Damian\Desktop\dad_logo.bmp
[07/31/2008 08:40 PM | 00,030,887 | ---- | M] () - C:\Users\Damian\Desktop\logoTemp.jpg
[08/02/2008 02:12 PM | 00,072,212 | ---- | M] () - C:\Users\Damian\Desktop\Haas_Woodworking_monochrome_sheild-red_-golden_bunny.jpg
[08/10/2008 08:33 PM | 00,001,876 | ---- | M] () - C:\Users\Damian\Desktop\HijackThis.lnk
[08/11/2008 09:00 PM | 00,152,815 | ---- | M] () - C:\Users\Damian\Desktop\Fallow_v2.pdf
[08/11/2008 09:01 PM | 00,002,609 | ---- | M] () - C:\Users\Damian\Desktop\Microsoft Office Word 2003.lnk
[08/11/2008 10:18 PM | 00,032,256 | ---- | M] () - C:\Users\Damian\Desktop\Notes for Pretensions.doc
[08/24/2008 03:14 PM | 00,152,086 | ---- | M] () - C:\Users\Damian\Desktop\Fallow_new.BK
[08/24/2008 03:21 PM | 00,152,014 | ---- | M] () - C:\Users\Damian\Desktop\Fallow_new.SCW
[08/24/2008 11:09 PM | 00,010,765 | ---- | M] () - C:\Users\Damian\Desktop\Medela Pump in Style with shoulder bag.jpg
[08/10/2008 07:16 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/10/2008 08:13 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared
[08/23/2008 06:00 PM | ---D | M] - C:\Program Files\Common Files\Java
< End of report >