OTViewIt logfile created on: 8/25/2008 8:02:02 PM - Run 1 OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\mwatson\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.87% Memory free 3.85 Gb Paging File | 2.60 Gb Available in Paging File | 67.47% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 152.66 Gb Total Space | 120.46 Gb Free Space | 78.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PS-MWATSON Current User Name: mwatson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users ===== Processes - Non-Microsoft Only ===== [07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe [02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe [07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [07/16/2008 09:39 AM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) - C:\Program Files\Picasa2\PicasaMediaDetector.exe [03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe [08/18/2008 06:20 PM | 01,900,288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe [08/25/2008 08:01 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe ===== Win32 Services - Non-Microsoft Only ===== (Apple Mobile Device) Apple Mobile Device [Auto | Running] [09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (aswUpdSv) avast! iAVS4 Control Service [Auto | Running] [07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped] [11/21/2006 10:18 PM | 00,430,080 | ---- | M] (ATI Technologies Inc.) 
- C:\WINDOWS\system32\ati2evxx.exe (ATI Smart) ATI Smart [Disabled | Stopped] [11/22/2006 11:52 AM | 00,520,192 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe (avast! Antivirus) avast! Antivirus [Auto | Running] [07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] [07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Web Scanner) avast! Web Scanner [On_Demand | Running] [07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (DM1Service) DM1Service [Disabled | Stopped] [10/18/2004 11:51 AM | 00,065,536 | ---- | M] (OLYMPUS Corporation) - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe (dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped] [04/13/2008 07:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe (gusvc) Google Updater Service [On_Demand | Stopped] [01/03/2007 08:40 PM | 00,136,120 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (iPod Service) iPod Service [On_Demand | Running] [03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe (LVPrcSrv) Process Monitor [Auto | Running] [02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (LVSrvLauncher) LVSrvLauncher [Auto | Stopped] [02/06/2007 06:47 PM | 00,105,248 | ---- | M] (Logitech Inc.) 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (LWWLicenseService) LWWLicenseService [On_Demand | Stopped] [03/18/2008 04:30 PM | 00,079,360 | ---- | M] (WoltersKluwerLWW) - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe (NVSvc) NVIDIA Display Driver Service [Auto | Running] [08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe (RampartSvc) SonicWall VPN Client Service [On_Demand | Stopped] [10/15/2004 10:12 AM | 00,131,072 | ---- | M] (SonicWALL, Inc.) - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe ===== Driver Services - Non-Microsoft Only ===== (Aavmker4) avast! Asynchronous Virus Monitor [System | Running] [07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys (ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running] [10/01/2004 11:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS (aswFsBlk) aswFsBlk [Auto | Running] [07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys (aswMon2) avast! Standard Shield Support [Auto | Running] [07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys (aswRdr) aswRdr [On_Demand | Running] [07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys (aswSP) avast! Self Protection [System | Running] [07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys (aswTdi) avast! Network Shield Support [System | Running] [07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys (ati2mtag) ati2mtag [On_Demand | Stopped] [11/21/2006 10:25 PM | 02,829,824 | ---- | M] (ATI Technologies Inc.) 
- C:\WINDOWS\system32\drivers\ati2mtag.sys (dmboot) dmboot [Disabled | Stopped] [04/13/2008 01:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmio) Logical Disk Manager Driver [Boot | Running] [04/13/2008 01:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmload) dmload [Boot | Running] [08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (DNE) Deterministic Network Enhancer Miniport [On_Demand | Running] [05/14/2004 05:15 PM | 00,147,236 | ---- | M] (Deterministic Networks, Inc.) - C:\WINDOWS\system32\drivers\dne2000.sys (FilterService) UVC Filter Service [On_Demand | Running] [02/03/2007 11:33 AM | 00,022,560 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys (GEARAspiWDM) GEARAspiWDM [On_Demand | Running] [01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running] [10/21/2005 07:58 PM | 00,049,920 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running] [10/21/2005 07:58 PM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running] [10/21/2005 07:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys (ltmodem5) LT Modem Driver [On_Demand | Running] [08/03/2004 05:41 PM | 00,606,684 | ---- | M] (LT) - C:\WINDOWS\system32\drivers\ltmdmnt.sys (LVcKap) Logitech AEC Driver [On_Demand | Running] [02/06/2007 06:42 PM | 01,691,808 | ---- | M] () - C:\WINDOWS\system32\drivers\Lvckap.sys (LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Running] [02/06/2007 06:44 PM | 01,964,064 | ---- | M] (Logitech Inc.) 
- C:\WINDOWS\system32\drivers\LVMVdrv.sys (lvpopflt) Logitech POP Suppression Filter [On_Demand | Running] [02/03/2007 11:30 AM | 01,507,232 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvpopflt.sys (LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running] [02/06/2007 06:45 PM | 00,025,632 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys (LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running] [02/03/2007 11:32 AM | 00,041,504 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys (LVUVC) Logitech QuickCam Fusion(UVC) [On_Demand | Running] [02/03/2007 11:32 AM | 01,939,360 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys (MBAMSwissArmy) MBAMSwissArmy [On_Demand | Stopped] [08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (nv) nv [On_Demand | Running] [08/30/2006 12:51 PM | 03,958,496 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (Ptilink) Direct Parallel Link Driver [On_Demand | Running] [08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys (PxHelp20) PxHelp20 [Boot | Running] [10/18/2006 03:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys (RCFOX) SonicWALL IPsec Driver [System | Running] [10/15/2004 10:46 AM | 00,091,136 | ---- | M] (SonicWALL, Inc.) - C:\WINDOWS\system32\drivers\RCFOX.SYS (rcvpn) SonicWALL VPN Adapter [On_Demand | Running] [08/20/2003 02:01 PM | 00,023,180 | ---- | M] (SonicWALL, Inc.) 
- C:\WINDOWS\system32\drivers\rcvpn.sys (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running] [08/03/2004 05:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys (Secdrv) Secdrv [On_Demand | Stopped] [11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys ===== Run Keys ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) "avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [08/30/2006 12:51 PM | 07,630,848 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [08/30/2006 12:51 PM | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" = nwiz.exe /install [08/30/2006 12:51 PM | 01,519,616 | ---- | M] () "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] "" = File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. ===== Startup Folders ===== [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [casey watson Startup Folder - C:\Documents and Settings\casey watson\Start Menu\Programs\Startup] [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup] [mwatson Startup Folder - C:\Documents and Settings\mwatson\Start Menu\Programs\Startup] [sigadmin Startup Folder - C:\Documents and Settings\sigadmin\Start Menu\Programs\Startup] ===== BHO's ===== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) 
- File not found Reg Error: Key does not exist or could not be opened. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 01:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [12/15/2006 04:23 AM | 00,440,056 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] HKLM CLSID: (AcroIEToolbarHelper Class) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ===== Toolbars ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | 
---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ===== Policies ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] Unable to open key or key not present! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! ===== Desktop Components ===== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "FriendlyName" = "My Current Home Page" "Source" = "About:Home" "SubscribedURL" = "About:Home" ===== Shared Task Scheduler ===== ===== AppInit_Dlls ===== ===== Lsa Authentication Packages ===== ===== Lsa Security Packages ===== ===== Authorized Applications List ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.) 
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google) "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe [01/08/2007 11:34 PM | 00,807,252 | ---- | M] (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe [01/27/2007 05:12 PM | 00,784,032 | ---- | M] (Blizzard Entertainment) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.) 
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) ===== HKLM Winlogon Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ===== User's Winlogon Settings ===== ===== Winlogon Notify Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DllName" = C:\WINDOWS\system32\ati2evxx.dll [11/21/2006 10:19 PM | 00,090,112 | ---- | M] (ATI Technologies Inc.) 
===== Safeboot Options ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell" = cmd.exe ===== Disabled MsConfig Items ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] "WMPNetworkSvc" = 3 "usnjsvc" = 3 "ose" = 3 "iPod Service" = 3 "idsvc" = 3 "gusvc" = 3 "DM1Service" = 2 "ATI Smart" = 2 "Ati HotKey Poller" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk File not found "backup" = C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk File not found "location" = Common Startup "command" = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [03/18/2008 02:30 PM | 00,025,214 | R--- | M] () "item" = Adobe Acrobat Speed Launcher [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk File not found "backup" = C:\WINDOWS\pss\Device Detector 3.lnk File not found "location" = Common Startup "command" = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [11/04/2004 08:21 PM | 00,114,688 | ---- | M] (OLYMPUS Imaging Corporation.) 
"item" = Device Detector 3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found "backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found "location" = Common Startup "command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company) "item" = Kodak EasyShare software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk File not found "backup" = C:\WINDOWS\pss\KODAK Software Updater.lnk File not found "location" = Common Startup "command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/13/2004 02:12 PM | 00,016,423 | ---- | M] () "item" = KODAK Software Updater [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = "hkey" = HKLM "command" = "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Acrotray "hkey" = HKLM "command" = C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [12/14/2004 02:12 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.) 
"inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Reader_sl "hkey" = HKLM "command" = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = googletalk "hkey" = HKLM "command" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = iTunesHelper "hkey" = HKLM "command" = C:\Program Files\iTunes\iTunesHelper.exe [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCommunicationsManager] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Communications_Helper "hkey" = HKLM "command" = C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [02/08/2007 02:12 AM | 00,488,984 | ---- | M] (Logitech Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = QuickCam10 "hkey" = HKLM "command" = C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [02/08/2007 02:13 AM | 00,774,168 | ---- | M] () "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = PicasaMediaDetector "hkey" = HKLM "command" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) 
"inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = QTTask "hkey" = HKLM "command" = C:\Program Files\QuickTime\QTTask.exe [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] "system.ini" = 0 "win.ini" = 0 "bootini" = 0 "services" = 2 "startup" = 2 ===== DNS Name Servers ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{059B7636-C5AA-44D4-9322-BDB7C54C3FE7}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33EA049C-CC03-49DB-95B7-80A443806E5D}] Servers: | Description: 1394 Net Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8C05637B-22CE-4F0B-B466-404075A31ED6}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}] Servers: 192.168.1.249,24.217.0.5,24.217.201.67 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC ===== CDRom AutoRun Settings ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ===== Autorun Files on Drives ===== AUTOEXEC.BAT [] [01/08/2007 08:31 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ] ===== MountPoints2 ===== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun\command] "" = J:\LaunchU3.exe File not found ===== Hosts File ===== HOSTS File = (842 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 
entries...
127.0.0.1 localhost
192.168.1.247 ps-plexus
192.168.1.246 premiernas
192.168.1.247 premier4
192.168.1.249 signaturehealth.net

[Files/Folders - Created Within 60 days]
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[04/13/2008 01:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 01:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 07:11 PM | 00,003,135 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 07:11 PM | 00,003,615 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 07:11 PM | 00,003,647 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 07:11 PM | 00,003,711 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 07:11 PM | 00,003,775 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 07:11 PM | 00,003,967 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 07:11 PM | 00,004,255 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 07:11 PM | 00,011,359 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 07:11 PM | 00,014,143 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 07:11 PM | 00,015,423 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 07:11 PM | 00,017,279 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 07:11 PM | 00,021,183 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 07:11 PM | 00,025,471 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 07:12 PM | 00,003,901 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 07:12 PM | 00,011,325 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 11:36 AM | 00,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel(R) Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[04/13/2008 07:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 07:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 07:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 07:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 07:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 07:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 07:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 07:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 07:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 07:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 07:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 07:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 07:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/21/2007 12:52 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/18/2008 08:18 PM | 00,029,760 | ---- | C] () - C:\WINDOWS\System32\mccvC7qL.exe
[5 C:\WINDOWS\*.tmp files]
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/17/2008 06:54 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:58 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/25/2008 06:01 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[08/25/2008 08:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 08:36 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/19/2008 11:42 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 11:57 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[07/06/2008 10:28 PM | 01,699,840 | ---- | C] (NISSAN MOTOR CO., LTD.) - C:\Documents and Settings\mwatson\Desktop\TitleInfoSearch.exe
[08/17/2008 06:45 PM | ---D | C] - C:\Documents and Settings\mwatson\Desktop\Unused Desktop Shortcuts
[08/18/2008 06:20 PM | 01,900,288 | ---- | C] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe
[08/19/2008 11:37 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\mwatson\Desktop\ATF_Cleaner.exe
[08/19/2008 11:57 PM | 26,401,600 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\setupeng.exe
[08/20/2008 07:40 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\HijackThis.lnk
[08/25/2008 06:03 PM | 00,180,620 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.run
[08/25/2008 06:05 PM | 00,182,660 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.zip
[08/25/2008 08:01 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/06/2008 10:29 PM | ---D | C] - C:\Program Files\AIM
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/19/2008 11:57 PM | ---D | C] - C:\Program Files\Alwil Software
[08/20/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 60 days]
[07/03/2008 12:06 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt03.sqm
[07/03/2008 12:06 AM | 00,000,268 | -H-- | M] () - C:\sqmdata03.sqm
[07/29/2008 09:48 PM | ---D | M] - C:\My Games
[08/15/2008 07:58 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt04.sqm
[08/15/2008 07:58 AM | 00,000,268 | -H-- | M] () - C:\sqmdata04.sqm
[08/17/2008 06:56 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/17/2008 08:36 PM | -HSD | M] - C:\Config.Msi
[08/20/2008 07:40 PM | R--D | M] - C:\Program Files
[08/22/2008 09:13 PM | ---D | M] - C:\WINDOWS
[08/25/2008 06:52 PM | -HSD | M] - C:\RECYCLER
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 06:59 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\drivers\lvuvc.hs
[2 C:\WINDOWS\System32\*.tmp files]
[07/19/2008 09:30 AM | 00,094,392 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/17/2008 08:31 PM | 00,121,336 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/17/2008 08:33 PM | 00,072,094 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 08:33 PM | 00,444,088 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 08:33 PM | 00,526,212 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/18/2008 08:18 PM | 00,029,760 | ---- | M] () - C:\WINDOWS\System32\mccvC7qL.exe
[08/19/2008 11:57 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/19/2008 11:57 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 07:10 AM | ---D | M] - C:\WINDOWS\System32\config
[08/20/2008 12:03 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 09:11 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 06:10 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 07:02 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/25/2008 07:02 PM | 00,013,702 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files]
[08/05/2008 01:59 AM | ---D | M] - C:\WINDOWS\Debug
[08/17/2008 06:50 PM | ---D | M] - C:\WINDOWS\ehome
[08/17/2008 06:54 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\msagent
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\mui
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\srchasst
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\system
[08/17/2008 06:58 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\ime
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/17/2008 07:05 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/17/2008 07:06 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/17/2008 08:31 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/17/2008 08:36 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 06:15 PM | ---D | M] - C:\WINDOWS\security
[08/21/2008 10:34 PM | ---D | M] - C:\WINDOWS\Help
[08/21/2008 10:34 PM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 09:12 PM | -HSD | M] - C:\WINDOWS\CSC
[08/25/2008 06:52 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 06:59 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 07:02 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 07:02 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 08:00 PM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 08:01 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/16/2008 10:01 PM | 00,000,450 | ---- | M] () - C:\WINDOWS\tasks\EasyShare Registration Task.job
[08/23/2008 08:29 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 06:59 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[07/23/2008 02:12 PM | --SD | M] - C:\Documents and Settings\mwatson\Application Data\Microsoft
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[07/27/2008 11:18 PM | 04,808,680 | -H-- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\IconCache.db
[08/03/2008 06:48 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Microsoft
[08/17/2008 07:47 PM | 00,020,040 | ---- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/24/2008 07:16 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Deployment
[08/25/2008 08:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 07:33 PM | R--D | M] - C:\Documents and Settings\mwatson\My Documents\My Pictures
[08/20/2008 08:47 PM | ---D | M] - C:\Documents and Settings\mwatson\My Documents\WORK TO BE PUT IN T
[08/20/2008 11:38 AM | 00,000,582 | ---- | M] () - C:\Documents and Settings\mwatson\My Documents\My Sharing Folders.lnk
[08/17/2008 08:36 PM | 00,001,736 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/19/2008 11:42 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 11:57 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/20/2008 07:20 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[07/06/2008 10:28 PM | 01,699,840 | ---- | M] (NISSAN MOTOR CO., LTD.) - C:\Documents and Settings\mwatson\Desktop\TitleInfoSearch.exe
[08/17/2008 06:45 PM | ---D | M] - C:\Documents and Settings\mwatson\Desktop\Unused Desktop Shortcuts
[08/18/2008 06:20 PM | 01,900,288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe
[08/19/2008 11:37 PM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\mwatson\Desktop\ATF_Cleaner.exe
[08/19/2008 11:57 PM | 26,401,600 | ---- | M] () - C:\Documents and Settings\mwatson\Desktop\setupeng.exe
[08/20/2008 07:08 PM | 04,706,899 | ---- | M] () - C:\Documents and Settings\mwatson\Desktop\Look at You.mp3
[08/20/2008 07:40 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\mwatson\Desktop\HijackThis.lnk
[08/25/2008 06:03 PM | 00,180,620 | ---- | M] () - C:\Documents and Settings\mwatson\Desktop\runscanner.run
[08/25/2008 06:05 PM | 00,182,660 | ---- | M] () - C:\Documents and Settings\mwatson\Desktop\runscanner.zip
[08/25/2008 08:01 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe
[08/17/2008 06:57 PM | ---D | M] - C:\Program Files\Common Files\System
[08/19/2008 11:42 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >