OTViewIt logfile created on: 8/25/2008 7:14:51 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.40 Mb Total Physical Memory | 180.83 Mb Available Physical Memory | 35.36% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.56 Gb Total Space | 11.95 Gb Free Space | 36.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 137.64 Gb Free Space | 92.37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP
Current User Name: Tim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
===== Processes - Non-Microsoft Only =====
[09/07/2004 05:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[09/07/2004 05:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[09/07/2004 05:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[01/09/2008 04:50 PM | 00,767,976 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MSC\mcmscsvc.exe
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[08/15/2007 01:36 PM | 00,359,248 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[07/24/2007 01:02 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\Mcshield.exe
[07/18/2007 04:54 PM | 00,856,864 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MPF\MpfSrv.exe
[03/04/2005 12:29 AM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[12/01/2004 12:05 AM | 00,127,044 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[09/07/2004 05:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[03/30/2006 10:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe
[12/05/2007 10:04 AM | 00,695,624 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[09/07/2004 05:08 PM | 00,389,120 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[08/03/2007 11:33 PM | 00,582,992 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee.com\Agent\mcagent.exe
[09/07/2004 05:03 PM | 00,245,760 | ---- | M] (Intel) - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[09/13/2004 05:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[10/30/2004 03:59 PM | 00,385,024 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[03/04/2005 12:26 PM | 00,606,208 | ---- | M] () - C:\Program Files\Dell\QuickSet\quickset.exe
[02/23/2005 05:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[08/03/2005 05:36 AM | 00,026,112 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Real\RealPlayer\realplay.exe
[12/06/2004 02:05 AM | 00,127,035 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfswctrl.exe
[08/09/2004 07:03 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[07/24/2006 04:28 PM | 00,035,992 | ---- | M] (McAfee, Inc.) - C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
[02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[02/02/2006 09:12 AM | 00,045,056 | ---- | M] (HP) - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[08/19/2004 03:40 PM | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[07/15/2005 05:48 PM | 00,479,232 | ---- | M] (Google Inc.) - C:\Program Files\Google\Gmail Notifier\gnotify.exe
[06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellSupport\DSAgnt.exe
[08/18/2008 02:36 PM | 00,094,208 | ---- | M] () - C:\WINDOWS\system32\wpixazwn.exe
[10/29/2003 04:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Program Files\Digital Line Detect\DLG.exe
[06/02/2008 11:13 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[01/15/2008 09:15 PM | 00,188,416 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Rhapsody\rhaphlpr.exe
[08/25/2008 07:11 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
===== Win32 Services - Non-Microsoft Only =====
(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(CCALib8) Canon Camera Access Library 8 [Auto | Running]
[03/30/2006 10:15 AM | 00,096,341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe
(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/10/2004 06:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe
(DSBrokerService) DSBrokerService [On_Demand | Stopped]
[03/07/2007 03:47 PM | 00,076,848 | ---- | M] () - C:\Program Files\DellSupport\brkrsvc.exe
(EvtEng) EvtEng [Auto | Running]
[09/07/2004 05:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(gusvc) Google Updater Service [On_Demand | Stopped]
[02/01/2007 01:31 AM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(iPod Service) iPod Service [On_Demand | Running]
[06/02/2008 11:13 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
(mcmscsvc) McAfee Services [Auto | Running]
[01/09/2008 04:50 PM | 00,767,976 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MSC\mcmscsvc.exe
(McNASvc) McAfee Network Agent [Auto | Running]
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(McODS) McAfee Scanner [On_Demand | Stopped]
[11/07/2007 09:35 AM | 00,378,184 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcods.exe
(McProxy) McAfee Proxy Service [Auto | Running]
[08/15/2007 01:36 PM | 00,359,248 | ---- | M] (McAfee, Inc.) - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McShield) McAfee Real-time Scanner [Unknown | Running]
[07/24/2007 01:02 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
(McSysmon) McAfee SystemGuards [On_Demand | Running]
[12/05/2007 10:04 AM | 00,695,624 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
(MpfService) McAfee Personal Firewall Service [Auto | Running]
[07/18/2007 04:54 PM | 00,856,864 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\MPF\MpfSrv.exe
(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[03/04/2005 12:29 AM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[12/01/2004 12:05 AM | 00,127,044 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
(RegSrvc) RegSrvc [Auto | Running]
[09/07/2004 05:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[09/07/2004 05:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running]
[11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(WLANKEEPER) WLANKEEPER [Auto | Running]
[09/07/2004 05:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
===== Driver Services - Non-Microsoft Only =====
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Auto | Running]
[08/03/2005 05:28 AM | 00,017,056 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\AegisP.sys
(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys
(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 12:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
(AngelUsb) Angel USB MPEG Device [On_Demand | Stopped]
[02/17/2005 10:06 AM | 00,375,424 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\AngelUsb.sys
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[11/16/2004 05:03 PM | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys
(APPDRV) APPDRV [System | Running]
[08/18/2004 03:53 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS
(asc) asc [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys
(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys
(ASCTRM) ASCTRM [Auto | Running]
[08/03/2005 05:36 AM | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[05/26/2004 09:18 PM | 00,044,928 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
(bvrp_pci) bvrp_pci [On_Demand | Stopped]
[03/24/2004 11:12 AM | 00,004,272 | ---- | M] () - C:\WINDOWS\System32\drivers\bvrp_pci.sys
(BW2NDIS5) BW2NDIS5 [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\BW2NDIS5.sys
(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys
(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys
(dmboot) dmboot [Disabled | Stopped]
[08/10/2004 06:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys
(dmio) Logical Disk Manager Driver [Boot | Running]
[08/10/2004 06:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys
(dmload) dmload [Disabled | Stopped]
[08/10/2004 06:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys
(drvmcdb) drvmcdb [Boot | Running]
[12/01/2004 04:22 AM | 00,087,488 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvmcdb.sys
(drvnddm) drvnddm [Auto | Running]
[11/23/2004 03:56 AM | 00,040,480 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvnddm.sys
(DSproct) DSproct [On_Demand | Running]
[10/05/2006 04:07 PM | 00,004,736 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
(dsunidrv) DellSupport UniDriver [Auto | Running]
[02/25/2007 12:10 PM | 00,005,376 | --S- | M] (Gteko Ltd.) - C:\WINDOWS\system32\drivers\dsunidrv.sys
(E100B) Intel(R) PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 01:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys
(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
(HPFXBULK) HPFXBULK [On_Demand | Running]
[04/04/2006 05:20 PM | 00,009,344 | ---- | M] (Hewlett Packard) - C:\WINDOWS\system32\drivers\hpfxbulk.sys
(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[10/28/2005 01:01 PM | 00,049,920 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[10/21/2005 01:58 PM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[10/21/2005 01:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys
(HSFHWICH) HSFHWICH [On_Demand | Running]
[06/17/2004 09:57 PM | 00,200,064 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWICH.sys
(HSF_DP) HSF_DP [On_Demand | Running]
[06/17/2004 09:55 PM | 01,041,536 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Running]
[08/12/2004 09:44 AM | 00,234,496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys
(MCSTRM) MCSTRM [Auto | Running]
[03/22/2008 08:51 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys
(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 PM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys
(mfeavfk) McAfee Inc. mfeavfk [On_Demand | Running]
[11/22/2007 06:44 AM | 00,079,304 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys
(mfebopk) McAfee Inc. mfebopk [On_Demand | Running]
[11/22/2007 06:44 AM | 00,035,240 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys
(mfehidk) McAfee Inc. mfehidk [System | Running]
[11/22/2007 06:44 AM | 00,201,320 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys
(mferkdk) McAfee Inc. mferkdk [On_Demand | Stopped]
[11/22/2007 06:44 AM | 00,033,832 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mferkdk.sys
(mfesmfk) McAfee Inc. mfesmfk [On_Demand | Running]
[12/02/2007 12:51 PM | 00,040,488 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfesmfk.sys
(MPFP) MPFP [System | Running]
[07/13/2007 10:20 AM | 00,113,952 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\Mpfp.sys
(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys
(nv) nv [On_Demand | Running]
[12/01/2004 12:05 AM | 02,842,432 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys
(omci) OMCI WDM Device Driver [System | Running]
[02/13/2004 05:46 PM | 00,017,153 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\omci.sys
(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/10/2004 06:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys
(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 03:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys
(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys
(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys
(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys
(s24trans) WLAN Transport [Auto | Running]
[08/31/2004 09:53 AM | 00,011,354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys
(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys
(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/04/2004 12:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS
(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys
(sscdbhk5) sscdbhk5 [System | Running]
[07/14/2004 12:29 PM | 00,005,627 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\sscdbhk5.sys
(ssrtln) ssrtln [System | Running]
[07/14/2004 12:28 PM | 00,023,545 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\ssrtln.sys
(STAC97) SigmaTel C-Major Audio [On_Demand | Running]
[03/10/2005 11:56 PM | 00,273,168 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\STAC97.sys
(symc810) symc810 [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys
(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys
(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys
(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 03:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys
(tfsnboio) tfsnboio [Auto | Running]
[12/06/2004 02:05 AM | 00,025,883 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnboio.sys
(tfsncofs) tfsncofs [Auto | Running]
[12/06/2004 02:05 AM | 00,034,843 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsncofs.sys
(tfsndrct) tfsndrct [Auto | Running]
[12/06/2004 02:05 AM | 00,004,123 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndrct.sys
(tfsndres) tfsndres [Auto | Running]
[12/06/2004 02:05 AM | 00,002,239 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndres.sys
(tfsnifs) tfsnifs [Auto | Running]
[12/06/2004 02:05 AM | 00,086,586 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnifs.sys
(tfsnopio) tfsnopio [Auto | Running]
[12/06/2004 02:05 AM | 00,015,227 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnopio.sys
(tfsnpool) tfsnpool [Auto | Running]
[12/06/2004 02:05 AM | 00,006,363 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnpool.sys
(tfsnudf) tfsnudf [Auto | Running]
[12/06/2004 02:05 AM | 00,098,714 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudf.sys
(tfsnudfa) tfsnudfa [Auto | Running]
[12/06/2004 02:05 AM | 00,100,603 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudfa.sys
(ultra) ultra [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys
(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[10/31/2007 03:09 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [On_Demand | Running]
[10/21/2004 09:56 PM | 03,210,496 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w29n51.sys
(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys
(winachsf) winachsf [On_Demand | Running]
[06/17/2004 09:55 PM | 00,685,056 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
(WLNR) WLNR [On_Demand | Stopped]
[03/20/2006 06:38 PM | 00,144,896 | --S- | M] () - C:\WINDOWS\system32\drivers\WLNR.sys
===== Run Keys =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = C:\Program Files\Google\Gmail Notifier\gnotify.exe [07/15/2005 05:48 PM | 00,479,232 | ---- | M] (Google Inc.)
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 05:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [03/04/2005 12:26 PM | 00,606,208 | ---- | M] ()
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [12/06/2004 02:05 AM | 00,127,035 | ---- | M] (Sonic Solutions)
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM | 00,016,384 | ---- | M] ( )
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"HP Software Update" = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"IntelWireless" = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless [10/30/2004 03:59 PM | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [08/09/2004 07:03 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [08/03/2007 11:33 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [12/01/2004 12:05 AM | 04,636,672 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /installquiet [12/01/2004 12:05 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [08/03/2005 05:36 AM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SiteAdvisor" = C:\Program Files\SiteAdvisor\6172\SiteAdv.exe [07/24/2006 04:28 PM | 00,035,992 | ---- | M] (McAfee, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ToolBoxFX" = "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on [02/02/2006 09:12 AM | 00,045,056 | ---- | M] (HP)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"appmsgsmart" = C:\WINDOWS\system32\wpixazwn.exe [08/18/2008 02:36 PM | 00,094,208 | ---- | M] ()
"DellSupport" = "C:\Program Files\DellSupport\DSAgnt.exe" /startup [03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"appmsgsmart" = C:\WINDOWS\system32\wpixazwn.exe [08/18/2008 02:36 PM | 00,094,208 | ---- | M] ()
"DellSupport" = "C:\Program Files\DellSupport\DSAgnt.exe" /startup [03/15/2007 11:09 AM | 00,460,784 | ---- | M] (Gteko Ltd.)
"DellSupportCenter" = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [11/15/2007 10:23 AM | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/19/2007 03:54 AM | 00,068,856 | ---- | M] (Google Inc.)
[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
===== Startup Folders =====
[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[10/29/2003 04:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
File not found - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK = C:\Program Files\HP\Temp\{B94428F6-E93C-4d1d-8580-46D70FA07A9D}\setup\hpzstub.exe
[11/11/2004 12:59 PM | 00,806,912 | ---- | M] (Intuit, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
[Tim Startup Folder - C:\Documents and Settings\Tim\Start Menu\Programs\Startup]
===== BHO's =====
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [12/04/2007 05:02 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [12/06/2004 02:05 AM | 00,118,842 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [10/24/2007 06:51 AM | 00,058,688 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\scriptsn.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [04/20/2008 10:07 AM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
===== Toolbars =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" HKLM CLSID: (McAfee SiteAdvisor) - [12/04/2007 05:02 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
"{C7768536-96F8-4001-B1A2-90EE21279187}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
"{C7768536-96F8-4001-B1A2-90EE21279187}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll
===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-21-3875327452-380263002-1513438926-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableTaskMgr" = 0 "NoDispBackgroundPage" = 0 "NoDispScrSavPage" = 0 ===== Desktop Components ===== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "FriendlyName" = "My Current Home Page" "Source" = "About:Home" "SubscribedURL" = "About:Home" ===== Shared Task Scheduler ===== ===== AppInit_Dlls ===== ===== Lsa Authentication Packages ===== ===== Lsa Security Packages ===== ===== Authorized Applications List ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 06:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 06:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network 
diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe File not found "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [06/02/2008 11:13 AM | 20,638,504 | ---- | M] (Apple Inc.) ===== HKLM Winlogon Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [08/10/2004 06:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [08/10/2004 06:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [08/10/2004 06:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ===== User's Winlogon Settings ===== ===== Winlogon Notify Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\IntelWireless] "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [09/07/2004 05:08 PM | 00,110,592 | ---- | M] (Intel Corporation) ===== Safeboot Options ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell" = cmd.exe ===== Disabled MsConfig Items ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] ===== DNS Name Servers ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9F9C7821-0828-4FBA-97F4-6559EF09D34B}] Servers: | Description: 1394 Net Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B5284E90-C426-4FF4-95FD-BBDD3978CD9E}] Servers: | Description: Broadcom 440x 10/100 Integrated Controller [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C32B95DE-610A-460D-974F-7A2430606F43}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D6BD0BBB-101B-4D90-9D32-08E336FFCAAE}] Servers: | Description: Intel(R) PRO/Wireless 2200BG Network Connection ===== CDRom AutoRun Settings ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ===== Autorun Files on Drives ===== AUTOEXEC.BAT [] [08/19/2004 05:07 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ] autorun [] [08/08/2006 09:59 AM | ---D | M] E:\autorun [ FAT32 ] autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ] [11/15/2005 11:08 AM | 00,000,036 | -H-- | M] () E:\autorun.inf [ FAT32 ] ===== MountPoints2 ===== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell] "" = None 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell\Autoplay] "MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5747066f-25b4-11dd-b804-00123fdf560f}\Shell\Autoplay\DropTarget] "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell\Autoplay] "MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d35c800-c153-11db-b71d-00038a000015}\Shell\Autoplay\DropTarget] "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931} ===== Hosts File ===== HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 
127.0.0.1 localhost [Files/Folders - Created Within 90 days] [08/18/2008 10:49 PM | ---D | C] - C:\SDFix [08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys [08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys [1 C:\WINDOWS\System32\*.tmp files] [02/05/2007 07:49 PM | 00,188,416 | ---- | C] (Hewlett Packard) - C:\WINDOWS\System32\hppcew01.dll [03/15/2007 03:45 PM | 00,000,630 | ---- | C] () - C:\WINDOWS\System32\HPPCPR01.DAT [03/21/2007 08:54 PM | 00,229,376 | ---- | C] () - C:\WINDOWS\System32\HPPCPR01.DLL [03/22/2007 01:45 PM | 00,573,440 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hpxp3390.dll [03/28/2007 07:36 PM | 00,327,680 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\HPPEPR01.DLL [03/29/2007 05:01 PM | 00,372,736 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hppldcoi.dll [06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe [06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe [06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl [06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) 
- C:\WINDOWS\System32\javaws.exe [06/29/2008 05:15 PM | ---D | C] - C:\WINDOWS\System32\NtmsData [08/18/2008 02:36 PM | 00,094,208 | ---- | C] () - C:\WINDOWS\System32\wpixazwn.exe [08/18/2008 02:36 PM | 00,194,560 | ---- | C] () - C:\WINDOWS\System32\qhihgvch.exe [08/25/2008 07:14 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak [11/08/2006 06:35 PM | 00,053,248 | ---- | C] (Hewlett-Packard) - C:\WINDOWS\System32\hpzipm12.dll [01/25/2006 04:03 AM | 00,002,037 | ---- | C] () - C:\WINDOWS\hppmdl02.dat.temp [02/13/2007 11:42 PM | 00,001,432 | ---- | C] () - C:\WINDOWS\hpbvnstp.bu1 [02/13/2007 11:42 PM | 00,003,927 | ---- | C] () - C:\WINDOWS\hpbvnstp.hi1 [02/13/2007 11:43 PM | 00,000,560 | ---- | C] () - C:\WINDOWS\hpbvspst.bu1 [02/13/2007 11:43 PM | 00,000,940 | ---- | C] () - C:\WINDOWS\hpbvspst.hi1 [02/13/2007 11:53 PM | 00,053,630 | ---- | C] () - C:\WINDOWS\hppins02.dat.temp [08/18/2008 10:33 PM | ---D | C] - C:\WINDOWS\pss [08/25/2008 07:11 PM | ---D | C] - C:\WINDOWS\LastGood [1 C:\Documents and Settings\All Users\Application Data\*.tmp files] [07/05/2008 06:58 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe [08/18/2008 02:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\unelmvyx [08/18/2008 06:43 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes [08/25/2008 05:47 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\WinZip [06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Mozilla [06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Talkback [07/05/2008 06:49 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\AdobeUM [07/06/2008 01:19 PM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Move Networks [07/06/2008 02:04 AM | ---D | C] - C:\Documents and Settings\Tim\Application Data\Real [08/18/2008 06:44 PM | ---D | C] - C:\Documents and Settings\Tim\Application 
Data\Malwarebytes [08/25/2008 09:56 AM | ---D | C] - C:\Documents and Settings\Tim\Application Data\ZoomBrowser EX [06/29/2008 11:58 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla [07/05/2008 07:03 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\NOS [07/09/2008 04:32 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Downloaded Installations [07/10/2008 02:46 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Identities [07/11/2008 05:32 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\AOL [08/25/2008 05:19 PM | ---D | C] - C:\Documents and Settings\Tim\Local Settings\Application Data\Runscanner.net [1 C:\Documents and Settings\Tim\My Documents\*.tmp files] [07/11/2008 04:33 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\BBK Statements [07/11/2008 04:35 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Resumes [07/16/2008 07:52 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\My Scans [07/16/2008 08:02 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Hall Street Investments, LLC [07/24/2008 10:49 PM | 03,399,680 | ---- | C] () - C:\Documents and Settings\Tim\My Documents\Upper Wooten Flyer.ppt [07/29/2008 08:43 PM | 00,014,336 | ---- | C] () - C:\Documents and Settings\Tim\My Documents\Montrose Rehab Budget.xls [08/16/2008 12:11 AM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Paintings [08/25/2008 04:27 PM | ---D | C] - C:\Documents and Settings\Tim\My Documents\Kolter Documents [06/30/2008 04:40 PM | 00,001,604 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [07/05/2008 04:48 PM | 00,002,137 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk [07/05/2008 06:59 PM | 00,001,740 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk [08/19/2008 05:55 PM | 00,000,696 | ---- | C] 
() - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [08/25/2008 05:47 PM | 00,001,732 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\WinZip.lnk [08/13/2008 09:23 AM | 00,000,203 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\Free GoToMeeting Trial.url [08/18/2008 06:43 PM | 02,085,176 | ---- | C] (Malwarebytes Corporation ) - C:\Documents and Settings\Tim\Desktop\mbam-setup.exe [08/19/2008 04:29 PM | 01,463,521 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\SDFix.exe [08/19/2008 05:32 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\HijackThis.lnk [08/19/2008 05:32 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Tim\Desktop\HJTInstall.exe [08/19/2008 05:48 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\Tim\Desktop\ATF_Cleaner.exe [08/19/2008 05:53 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\Tim\Desktop\Download_mbam-setup.exe [08/19/2008 09:56 AM | 00,366,627 | ---- | C] (Avira GmbH) - C:\Documents and Settings\Tim\Desktop\tool_en.exe [08/19/2008 10:45 AM | 00,490,740 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\EQUEST [08/20/2008 08:41 AM | 00,029,696 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\OREO [08/25/2008 05:33 PM | 00,277,118 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\runscanner.run [08/25/2008 05:33 PM | 02,065,549 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\runscanner.zip @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\runscanner.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [08/25/2008 05:42 PM | 13,665,632 | ---- | C] () - C:\Documents and Settings\Tim\Desktop\winzip112.exe [08/25/2008 07:11 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe [07/05/2008 06:59 PM | 00,001,757 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [07/09/2008 04:38 
PM | 00,001,051 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK [08/19/2008 05:54 PM | ---D | C] - C:\Program Files\Common Files\Download Manager [06/30/2008 04:41 PM | ---D | C] - C:\Program Files\QuickTime [06/30/2008 04:44 PM | ---D | C] - C:\Program Files\iPod [06/30/2008 04:44 PM | ---D | C] - C:\Program Files\iTunes [08/13/2008 09:22 AM | ---D | C] - C:\Program Files\Citrix [08/18/2008 02:36 PM | ---D | C] - C:\Program Files\ycaubae [08/18/2008 06:32 PM | ---D | C] - C:\Program Files\Enigma Software Group [08/19/2008 05:32 PM | ---D | C] - C:\Program Files\Trend Micro [08/19/2008 05:55 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware [08/25/2008 05:47 PM | ---D | C] - C:\Program Files\WinZip [Files/Folders - Modified Within 90 days] [08/18/2008 06:24 PM | -HSD | M] - C:\System Volume Information [08/18/2008 10:49 PM | ---D | M] - C:\SDFix [08/25/2008 05:46 PM | R--D | M] - C:\Program Files [08/25/2008 05:47 PM | -HSD | M] - C:\Config.Msi [08/25/2008 07:14 PM | ---D | M] - C:\WINDOWS [08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys [08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys [08/18/2008 03:11 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc [1 C:\WINDOWS\System32\*.tmp files] [06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe [06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe [06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl [06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) 
- C:\WINDOWS\System32\javaws.exe [06/29/2008 05:15 PM | ---D | M] - C:\WINDOWS\System32\NtmsData [07/09/2008 04:31 PM | 00,064,262 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat [07/09/2008 04:31 PM | 00,405,878 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat [07/09/2008 04:31 PM | 00,475,908 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI [07/09/2008 04:34 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE [07/09/2008 04:37 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups [07/10/2008 08:39 AM | ---D | M] - C:\WINDOWS\System32\FxsTmp [07/11/2008 04:43 PM | ---D | M] - C:\WINDOWS\System32\Macromed [07/11/2008 04:46 PM | ---D | M] - C:\WINDOWS\System32\appmgmt [07/12/2008 06:25 PM | 00,000,664 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat [08/14/2008 08:12 PM | ---D | M] - C:\WINDOWS\System32\CatRoot [08/18/2008 02:36 PM | 00,094,208 | ---- | M] () - C:\WINDOWS\System32\wpixazwn.exe [08/18/2008 02:36 PM | 00,194,560 | ---- | M] () - C:\WINDOWS\System32\qhihgvch.exe [08/18/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\Restore [08/19/2008 05:55 PM | ---D | M] - C:\WINDOWS\System32\drivers [08/25/2008 04:29 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\6A9592 [08/25/2008 04:29 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma [08/25/2008 06:43 PM | 00,016,987 | ---- | M] () - C:\WINDOWS\System32\nvModes.001 [08/25/2008 06:43 PM | 00,016,987 | ---- | M] () - C:\WINDOWS\System32\nvModes.dat [08/25/2008 07:11 PM | RHSD | M] - C:\WINDOWS\System32\dllcache [08/25/2008 07:14 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak [08/25/2008 07:15 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2 [08/25/2008 07:48 AM | 00,062,872 | ---- | M] () - C:\WINDOWS\System32\Config.MPF [08/25/2008 07:50 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl [08/25/2008 07:50 AM | 00,017,146 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml [06/26/2008 10:49 AM | 00,000,376 | ---- | M] () - C:\WINDOWS\ODBC.INI [06/28/2008 12:18 PM | -HSD | M] - 
C:\WINDOWS\CSC [07/09/2008 04:36 PM | 00,000,390 | ---- | M] () - C:\WINDOWS\hpbvspst.ini [07/09/2008 04:36 PM | 00,000,731 | ---- | M] () - C:\WINDOWS\hpbvspst.his [07/09/2008 04:36 PM | 00,001,183 | ---- | M] () - C:\WINDOWS\hpbvnstp.ini [07/09/2008 04:36 PM | 00,003,631 | ---- | M] () - C:\WINDOWS\hpbvnstp.his [07/09/2008 04:38 PM | ---D | M] - C:\WINDOWS\twain_32 [07/09/2008 04:39 PM | 00,109,823 | ---- | M] () - C:\WINDOWS\hppins02.dat [07/09/2008 05:44 PM | ---D | M] - C:\WINDOWS\Microsoft.NET [07/09/2008 05:44 PM | R-SD | M] - C:\WINDOWS\assembly [07/11/2008 04:46 PM | ---D | M] - C:\WINDOWS\Downloaded Installations [07/11/2008 05:33 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files [07/16/2008 07:50 PM | ---D | M] - C:\WINDOWS\WinSxS [08/14/2008 11:10 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK [08/14/2008 11:10 PM | -H-D | M] - C:\WINDOWS\$hf_mig$ [08/18/2008 10:33 PM | ---D | M] - C:\WINDOWS\pss [08/25/2008 05:47 PM | -HSD | M] - C:\WINDOWS\Installer [08/25/2008 07:11 PM | ---D | M] - C:\WINDOWS\Help [08/25/2008 07:11 PM | ---D | M] - C:\WINDOWS\LastGood [08/25/2008 07:11 PM | ---D | M] - C:\WINDOWS\Temp [08/25/2008 07:12 PM | ---D | M] - C:\WINDOWS\Prefetch [08/25/2008 07:14 PM | ---D | M] - C:\WINDOWS\system32 [08/25/2008 07:15 PM | -H-D | M] - C:\WINDOWS\inf [08/25/2008 07:47 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat [08/25/2008 07:47 AM | ---D | M] - C:\WINDOWS\Registration [07/01/2008 01:00 AM | 00,000,352 | ---- | M] () - C:\WINDOWS\tasks\McQcTask.job [07/15/2008 01:00 AM | 00,000,260 | ---- | M] () - C:\WINDOWS\tasks\McDefragTask.job [08/02/2008 02:53 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job [08/25/2008 07:47 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT [1 C:\Documents and Settings\All Users\Application Data\*.tmp files] [07/05/2008 06:58 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe [07/11/2008 05:30 PM | ---D | M] - C:\Documents and 
Settings\All Users\Application Data\Viewpoint [07/11/2008 05:33 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\AOL [08/18/2008 02:36 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\unelmvyx [08/18/2008 06:43 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes [08/25/2008 05:47 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\WinZip [08/25/2008 09:56 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ZoomBrowser [06/29/2008 11:58 PM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Mozilla [06/29/2008 11:58 PM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Talkback [07/05/2008 06:49 PM | ---D | M] - C:\Documents and Settings\Tim\Application Data\AdobeUM [07/06/2008 01:19 PM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Move Networks [07/06/2008 02:04 AM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Real [07/08/2008 08:53 AM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Adobe [07/11/2008 07:34 AM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Google [08/04/2008 08:15 AM | ---D | M] - C:\Documents and Settings\Tim\Application Data\SiteAdvisor [08/18/2008 06:44 PM | ---D | M] - C:\Documents and Settings\Tim\Application Data\Malwarebytes [08/18/2008 06:45 PM | --SD | M] - C:\Documents and Settings\Tim\Application Data\Microsoft [08/25/2008 09:56 AM | ---D | M] - C:\Documents and Settings\Tim\Application Data\ZoomBrowser EX [06/29/2008 11:58 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Mozilla [07/05/2008 07:03 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\NOS [07/07/2008 04:17 PM | 00,000,126 | ---- | M] () - C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat [07/09/2008 04:32 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Downloaded Installations 
[07/10/2008 02:46 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Identities [07/11/2008 05:32 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\AOL [07/11/2008 07:34 AM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Google [08/21/2008 08:50 AM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft [08/25/2008 05:19 PM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\Runscanner.net [08/25/2008 07:50 AM | ---D | M] - C:\Documents and Settings\Tim\Local Settings\Application Data\ApplicationHistory [08/25/2008 12:01 AM | 02,162,174 | -H-- | M] () - C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db [1 C:\Documents and Settings\Tim\My Documents\*.tmp files] [07/11/2008 04:33 PM | ---D | M] - C:\Documents and Settings\Tim\My Documents\BBK Statements [07/11/2008 04:35 PM | ---D | M] - C:\Documents and Settings\Tim\My Documents\Resumes [07/16/2008 07:52 PM | ---D | M] - C:\Documents and Settings\Tim\My Documents\My Scans [07/16/2008 08:02 PM | ---D | M] - C:\Documents and Settings\Tim\My Documents\Hall Street Investments, LLC [07/24/2008 10:49 PM | 03,399,680 | ---- | M] () - C:\Documents and Settings\Tim\My Documents\Upper Wooten Flyer.ppt [07/29/2008 08:43 PM | 00,014,336 | ---- | M] () - C:\Documents and Settings\Tim\My Documents\Montrose Rehab Budget.xls [08/16/2008 12:11 AM | ---D | M] - C:\Documents and Settings\Tim\My Documents\Paintings [08/25/2008 04:27 PM | ---D | M] - C:\Documents and Settings\Tim\My Documents\Kolter Documents [08/25/2008 10:01 AM | R--D | M] - C:\Documents and Settings\Tim\My Documents\My Pictures [06/30/2008 04:40 PM | 00,001,604 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [07/05/2008 04:48 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk [07/05/2008 06:59 PM | 00,001,740 | ---- | M] () - 
C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk [08/19/2008 05:55 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [08/25/2008 05:47 PM | 00,001,732 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\WinZip.lnk [07/06/2008 02:13 PM | 00,001,394 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\Media Center.lnk [08/13/2008 09:23 AM | 00,000,203 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\Free GoToMeeting Trial.url [08/18/2008 06:43 PM | 02,085,176 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\Tim\Desktop\mbam-setup.exe [08/19/2008 04:29 PM | 01,463,521 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\SDFix.exe [08/19/2008 05:32 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\HijackThis.lnk [08/19/2008 05:32 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Tim\Desktop\HJTInstall.exe [08/19/2008 05:48 PM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Tim\Desktop\ATF_Cleaner.exe [08/19/2008 05:53 PM | 00,128,368 | ---- | M] (Digital River) - C:\Documents and Settings\Tim\Desktop\Download_mbam-setup.exe [08/19/2008 09:56 AM | 00,366,627 | ---- | M] (Avira GmbH) - C:\Documents and Settings\Tim\Desktop\tool_en.exe [08/19/2008 10:45 AM | 00,490,740 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\EQUEST [08/20/2008 08:41 AM | 00,029,696 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\OREO [08/25/2008 05:33 PM | 00,277,118 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\runscanner.run [08/25/2008 05:33 PM | 02,065,549 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\runscanner.zip @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\runscanner.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [08/25/2008 05:42 PM | 13,665,632 | ---- | M] () - C:\Documents and Settings\Tim\Desktop\winzip112.exe [08/25/2008 07:11 PM | 01,299,968 | ---- | M] (OldTimer 
Tools) - C:\Documents and Settings\Tim\Desktop\OTViewIt.exe [07/05/2008 06:59 PM | 00,001,757 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [07/09/2008 04:38 PM | 00,001,051 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK [07/05/2008 06:58 PM | ---D | M] - C:\Program Files\Common Files\Adobe [07/11/2008 05:30 PM | ---D | M] - C:\Program Files\Common Files\EarthLink [07/11/2008 05:32 PM | ---D | M] - C:\Program Files\Common Files\Nullsoft [07/11/2008 05:33 PM | ---D | M] - C:\Program Files\Common Files\AOL [08/19/2008 05:54 PM | ---D | M] - C:\Program Files\Common Files\Download Manager < End of report >