Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hello.


  • Please log in to reply

#46
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. Go back to post#32 and follow all the steps there.

Cheers.

OT
  • 0

Advertisements


#47
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK so I am going to do post 36 and when I get to the point where I have done a normal reboot on step 3 I will do post 32. Thanks.
  • 0

#48
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK. bfaeafefb.dll file is del. starting with post 32

:) ok after looking closer at post 32 I want to start at step 2 right? I will wait untill I get the right direction. Thanks.

Edited by jbolen, 13 February 2008 - 10:04 PM.

  • 0

#49
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. No, go ahead and start at step 1. Let's see if Avenger comes back and says the file could not be found.

Cheers.

TO
  • 0

#50
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
here is the avenger log. starting step 2. (I'm so excited that it started, I feel that we are making headway.)

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rvhtrydq

*******************

Script file located at: \??\C:\Program Files\igsfiyyr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\bfaeafefb.dll not found!
Deletion of file C:\WINDOWS\system32\bfaeafefb.dll failed!

Could not process line:
C:\WINDOWS\system32\bfaeafefb.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
  • 0

#51
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
That look like a good sign. This is better than Christmas huh?

OT
  • 0

#52
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ran the fix for the winpfind35u and no pop up came up. it just restarted everything and seams to have cleaned out all the temp files. is there a place where I can look for the log file?
  • 0

#53
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ok this is strange. if i click anywhere on the winpfind35u window it just makes a windows clunk sound and will not respond.
  • 0

#54
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ok spoke to soon. the reason for the clunking sound was that the popup was behind the program window. it wanted to do a system reboot. the log file never came up on its own however i found it in the files moved folder and verified that it was created just now. here it is.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bfaeafefb\ deleted successfully.
File C:\WINDOWS\system32\bfaeafefb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1124420374\EE\AOLServiceHost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\bfaeafefb.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\bfaeafefb.dll not found!
[Empty Temp Folders]
File delete failed. C:\WINDOWS\temp\sqlite_DC9DFJ5hifQNztV scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_HpsPbXtMI6de1mB scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_LTHgGKSTRTTI5Vk scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta50 fix logfile created on 02132008_225717
  • 0

#55
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
continuing on.
  • 0

Advertisements


#56
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. If it finishe dthe log file would be in the MovedFiles folder and have a name in the form of mmddyyyy_hhmmss.log. But if it didn't either tell you that it was finished or tell you that you needed to reboot I doubt that a log was made.

If there is a log file there then post that back with a new WinPFind35 scan report. Otherwise just post the scan report.

Cheers.

OT

Edit: We must have been posting at the same time lol. I'll wait for the new scan report.
  • 0

#57
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
here is scan log.

Scanning Report
Wednesday, February 13, 2008 23:20:45 - 00:21:17
Computer name: HAL
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 7 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 35867
System: 4775
Not scanned: 3
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 6
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\SQLITE_3HV6O80JVZZHCMA
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-13
F-Secure AVP: 7.0.171, 2008-02-13
F-Secure Orion: 1.2.37, 2008-02-13
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.20.0, 2008-01-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
  • 0

#58
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
here is step 5.

[code=auto:0]WinPFind35 logfile created on: 2/14/2008 12:25:14 AM
WinPFind35U Version Beta50 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.86 Mb Total Physical Memory | 529.02 Mb Available Physical Memory | 52.18% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.28 Gb Total Space | 212.55 Gb Free Space | 93.11% Space Free | Partition Type: NTFS
Drive D: | 4.59 Gb Total Space | 2.71 Gb Free Space | 58.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 5:00:02 PM | Attr = ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/13/2004 4:55:51 PM | Attr = ]
dtsslsrv.exe -> %ProgramFiles%\Gateway\EzTune\dtsslsrv.exe -> [Ver = | Size = 114688 bytes | Modified Date = 8/18/2005 3:56:26 PM | Attr = ]
dtsrvc.exe -> %ProgramFiles%\Gateway\EzTune\DTSRVC.exe -> [Ver = | Size = 61440 bytes | Modified Date = 8/18/2005 3:54:04 PM | Attr = ]
massrv.exe -> %ProgramFiles%\McAfee\McAfee AntiSpyware\MASSrv.exe -> McAfee, Inc. [Ver = 1.5.0.110 | Size = 876544 bytes | Modified Date = 1/6/2006 5:13:32 PM | Attr = ]
mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 9:56:16 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 12:22:02 PM | Attr = ]
mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 6:01:04 PM | Attr = ]
oasclnt.exe -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 11:02:44 PM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/18/2005 8:57:20 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 1:49:20 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 8:29:08 PM | Attr = ]
mcvsescn.exe -> %ProgramFiles%\McAfee.com\VSO\McVSEscn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Modified Date = 7/8/2005 7:16:16 PM | Attr = ]
shwiconem.exe -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 11/15/2004 4:04:32 PM | Attr = ]
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 4:55:14 PM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 4:51:14 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 9:24:46 PM | Attr = ]
zhotkey.exe -> %SystemRoot%\zHotkey.exe -> [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/3/2005 3:02:00 PM | Attr = ]
masalert.exe -> %ProgramFiles%\McAfee\McAfee AntiSpyware\MASAlert.exe -> McAfee, Inc. [Ver = 1.5.0.110 | Size = 327680 bytes | Modified Date = 1/6/2006 5:14:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 8/18/2005 9:00:19 PM | Attr = ]
wpctrl.exe -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 698104 bytes | Modified Date = 1/26/2005 2:57:16 PM | Attr = ]
alcfdrtm.exe -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1, 2, 0, 0 | Size = 73728 bytes | Modified Date = 10/30/2006 11:12:01 AM | Attr = ]
soundman.exe -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 17 | Size = 90112 bytes | Modified Date = 5/12/2005 3:00:54 PM | Attr = ]
alcwzrd.exe -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.20 | Size = 2805248 bytes | Modified Date = 5/12/2005 3:00:34 PM | Attr = ]
lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 4:04:08 AM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/1/2007 5:50:01 PM | Attr = ]
lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> Lexmark International, Inc. [Ver = 2, 0, 0, 1 | Size = 94208 bytes | Modified Date = 1/16/2004 4:27:30 AM | Attr = ]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 11:22:26 AM | Attr = ]
floater.exe -> %ProgramFiles%\WinPortrait\floater.exe -> [Ver = | Size = 755448 bytes | Modified Date = 1/26/2005 2:57:18 PM | Attr = ]
dthtml.exe -> %ProgramFiles%\Gateway\EzTune\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 260608 bytes | Modified Date = 8/18/2005 3:55:12 PM | Attr = ]
wpn111.exe -> %ProgramFiles%\NETGEAR\WPN111\WPN111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 1/26/2005 2:15:16 PM | Attr = ]
mcvsftsn.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsftsn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 299008 bytes | Modified Date = 7/1/2005 9:43:00 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/11/2008 7:14:48 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Asset Management Daemon) Asset Management Daemon [Win32_Own | Auto | Running] -> %ProgramFiles%\Gateway\EzTune\dtsslsrv.exe -> [Ver = | Size = 114688 bytes | Modified Date = 8/18/2005 3:56:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr = ]
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Gateway\EzTune\DTSRVC.exe -> [Ver = | Size = 61440 bytes | Modified Date = 8/18/2005 3:54:04 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/6/2007 7:25:56 PM | Attr = ]
(Imapi Helper) Imapi Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alex Feinman\ISO Recorder\ImapiHelper.exe -> Alex Feinman [Ver = 1.0.0.0 | Size = 163840 bytes | Modified Date = 1/5/2006 12:06:02 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 5:00:02 PM | Attr = ]
(McAfee AntiSpyware Service) McAfee AntiSpyware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\McAfee AntiSpyware\MASSrv.exe -> McAfee, Inc. [Ver = 1.5.0.110 | Size = 876544 bytes | Modified Date = 1/6/2006 5:13:32 PM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 9:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 12:22:02 PM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 6:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 9:22:50 PM | Attr = ]
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/18/2005 8:57:20 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 9/13/2007 11:06:51 AM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 9:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 7:07:44 AM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 9:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 9:51:58 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BVRPMPR5.SYS -> BVRP Software [Ver = 1.00.00.01 | Size = 44224 bytes | Modified Date = 9/16/2005 10:46:30 AM | Attr = R ]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> Roxio [Ver = 7.1.0.188 | Size = 44288 bytes | Modified Date = 11/10/2004 6:27:34 PM | Attr = ]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Roxio [Ver = 7.1.0.188 | Size = 24832 bytes | Modified Date = 11/10/2004 6:30:18 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 9:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 9:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr = ]
(DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DNINDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 7/24/2003 11:10:34 AM | Attr = ]
(gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 145920 bytes | Modified Date = 1/7/2005 6:07:16 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 6:07:18 PM | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Modified Date = 6/17/2004 4:56:22 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 4:55:04 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3889 | Size = 737874 bytes | Modified Date = 8/20/2004 5:26:00 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5125 built by: WinDDK | Size = 2951680 bytes | Modified Date = 5/12/2005 3:00:50 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 2/2/2008 10:13:31 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 1:04:14 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 9:52:12 PM | Attr = ]
(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Modified Date = 8/17/2001 2:49:32 PM | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> McAfee Inc. [Ver = 11.0.0.142 | Size = 114464 bytes | Modified Date = 8/10/2005 12:22:10 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(pdiddcci) DDC/CI monitor [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pdiddcci.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 11776 bytes | Modified Date = 8/18/2005 3:56:30 PM | Attr = ]
(PdiPorts) Portrait Displays low level device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 9600 bytes | Modified Date = 8/18/2005 3:53:28 PM | Attr = ]
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(pivot) pivot [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pivot.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2029.1 | Size = 16425 bytes | Modified Date = 1/26/2005 2:55:20 PM | Attr = ]
(pivotmou) Pivot Mouse/Pointers Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pivotmou.sys -> Windows (R) 2000 DDK provider [Ver = 7.00 | Size = 9260 bytes | Modified Date = 1/26/2005 2:55:24 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 9:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 9:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 9:52:18 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 7:07:44 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 10:07:44 PM | Attr = ]
(SunkFilt) Alcor Micro Corp Reader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Sunkfilt.sys -> Alcor Micro Corp. [Ver = 2, 0, 5, 0 | Size = 36804 bytes | Modified Date = 11/15/2004 6:41:54 PM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 10:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 10:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 10:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 10:07:42 PM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 9:52:22 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 3:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 4:55:38 PM | Attr = ]
(WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WPN111.sys -> NETGEAR, Inc. [Ver = 1.5.0.2102 | Size = 362944 bytes | Modified Date = 9/26/2005 3:02:50 PM | Attr = ]
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 8.27.3.3 built by: WinDDK | Size = 232064 bytes | Modified Date = 5/6/2005 9:27:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
_AntiSpyware -> %ProgramFiles%\McAfee\McAfee AntiSpyware\MASAlert.exe -> McAfee, Inc. [Ver = 1.5.0.110 | Size = 327680 bytes | Modified Date = 1/6/2006 5:14:20 PM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr = ]
AlcFDMonitor -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1, 2, 0, 0 | Size = 73728 bytes | Modified Date = 10/30/2006 11:12:01 AM | Attr = ]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/12/2005 3:00:30 PM | Attr = ]
AlcWzrd -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.20 | Size = 2805248 bytes | Modified Date = 5/12/2005 3:00:34 PM | Attr = ]
CHotkey -> %SystemRoot%\zHotkey.exe -> [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/3/2005 3:02:00 PM | Attr = ]
FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 10:59:10 AM | Attr = ]
High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\HdAShCut.exe -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 61952 bytes | Modified Date = 1/7/2005 6:07:16 PM | Attr = ]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 4:51:14 PM | Attr = ]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 4:55:14 PM | Attr = ]
Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 4:04:08 AM | Attr = ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 8:29:08 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 2:05:42 PM | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ]
OASClnt -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 11:02:44 PM | Attr = ]
PivotSoftware -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 698104 bytes | Modified Date = 1/26/2005 2:57:16 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 8/18/2005 9:00:19 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 9:24:46 PM | Attr = ]
SoundMan -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 17 | Size = 90112 bytes | Modified Date = 5/12/2005 3:00:54 PM | Attr = ]
SunKistEM -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 11/15/2004 4:04:32 PM | Attr = ]
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 1:49:20 PM | Attr = ]
VSOCheckTask -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Modified Date = 7/8/2005 7:18:22 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/1/2007 5:50:01 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 11:22:26 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\EzTune.lnk -> %ProgramFiles%\Gateway\EzTune\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 260608 bytes | Modified Date = 8/18/2005 3:55:12 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Install Pending Files.LNK -> %ProgramFiles%\SIFXINST\SIFXINST.EXE -> New Boundary Technologies, Inc. [Ver = 5.0 | Size = 729088 bytes | Modified Date = 8/18/2005 8:58:27 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN111\WPN111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 1/26/2005 2:15:16 PM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 4:50:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
turbotax.com .[https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 2/1/2008 6:06:00 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 9:44:30 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr = ]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [ieSpell Options] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 8:07:16 AM | Attr = ]
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 8:07:16 AM | Attr = ]
Lookup on Merriam Webster -> -> File not found
Lookup on Wikipedia -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A7F003C7-E761-4BEF-A328-E13F53F0DE9D} -> (Marvell Yukon 88E8050 PCI-E ASF Gigabit Ethernet Controller) ->
{CC3746E6-4D79-4417-B581-58C77403E3B2} -> (1394 Net Adapter) ->
{D5F4B571-FDDD-4A9A-AC5E-457FC171A4A4} -> (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] ->
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}[HKEY_LOCAL_MACHINE] -> http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab[DjVuCtl Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab[Windows Live Safety Center Base Module] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172599282817[MUWebControl Class] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab[Groove Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://www.popcap.com/games/popcaploader_v6.cab[PopCapLoader Object] ->



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 2/13/2008 10:49:54 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/11/2008 9:06:20 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/11/2008 8:31:38 PM | Attr = ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
mcstrm.sys -> %SystemRoot%\System32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 2/2/2008 10:13:31 AM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 1/16/2008 8:19:28 PM | Attr = ]
mcs.rma -> %SystemRoot%\System32\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 2/5/2008 5:22:16 PM | Attr = ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 1/16/2008 8:18:13 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 1/16/2008 8:17:49 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2/3/2008 11:29:32 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/11/2008 9:06:45 AM | Attr = ]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 1/22/2008 4:01:04 PM | Attr = HS]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 345 bytes | Modified Date = 2/11/2008 9:47:22 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 1/16/2008 8:18:26 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/16/2008 8:20:35 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2/13/2008 11:17:28 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 1/16/2008 8:16:00 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 1/16/2008 8:19:30 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Real -> %AppData%\Real -> [Folder | Created Date = 2/2/2008 10:10:48 AM | Attr = ]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 2/13/2008 12:20:17 PM | Attr = ]
abi letter.doc -> %UserProfile%\My Documents\abi letter.doc -> [Ver = | Size = 24064 bytes | Modified Date = 1/19/2008 9:25:49 AM | Attr = ]
CAITLYN CORRIN MASSENA.doc -> %UserProfile%\My Documents\CAITLYN CORRIN MASSENA.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/18/2008 2:08:24 PM | Attr = ]
Doc7.doc -> %UserProfile%\My Documents\Doc7.doc -> [Ver = | Size = 31744 bytes | Modified Date = 1/18/2008 1:50:30 PM | Attr = ]
Best Buy Digital Music Store.lnk -> %AllUsersProfile%\Desktop\Best Buy Digital Music Store.lnk -> [Ver = | Size = 675 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
TurboTax Deluxe 2007.lnk -> %AllUsersProfile%\Desktop\TurboTax Deluxe 2007.lnk -> [Ver = | Size = 1766 bytes | Modified Date = 1/23/2008 11:25:16 AM | Attr = ]
2007 Bolen J Tax Return.pdf -> %UserProfile%\Desktop\2007 Bolen J Tax Return.pdf -> [Ver = | Size = 125139 bytes | Modified Date = 1/24/2008 11:02:28 AM | Attr = ]
AT&T Yahoo! Mail - [email protected] -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected] -> [Ver = | Size = 335 bytes | Modified Date = 1/31/2008 7:44:36 AM | Attr = ]
@Alternate Data Stream - 6598 bytes -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected]:favicon
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/11/2008 11:47:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
avenger -> %UserProfile%\Desktop\avenger -> [Folder | Created Date = 2/12/2008 8:15:08 AM | Attr = ]
avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 127378 bytes | Modified Date = 2/12/2008 8:14:23 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Best Buy MP3 Help.lnk -> %UserProfile%\Desktop\Best Buy MP3 Help.lnk -> [Ver = | Size = 1620 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/11/2008 7:58:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.exe:Zone.Identifier
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [Ver = | Size = 695350 bytes | Modified Date = 2/11/2008 7:59:40 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier
Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2008 4:22:00 PM | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/11/2008 8:25:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
rc.iso -> %UserProfile%\Desktop\rc.iso -> [Ver = | Size = 7716864 bytes | Modified Date = 2/13/2008 12:04:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\rc.iso:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/11/2008 11:52:47 PM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480446 bytes | Modified Date = 2/11/2008 11:49:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
WinPFind3u -> %UserProfile%\Desktop\WinPFind3u -> [Folder | Created Date = 2/11/2008 7:58:23 AM | Attr = ]
winpfind3u.exe -> %UserProfile%\Desktop\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 2/11/2008 7:58:11 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\winpfind3u.exe:Zone.Identifier
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Created Date = 2/3/2008 10:41:45 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 2/13/2008 10:49:54 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/11/2008 9:06:20 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/10/2008 9:03:04 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/13/2008 10:48:51 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -
  • 0

#59
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
heading to bed. will check in the morning. Thanks. :)
  • 0

#60
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. From what I can see everything looks good. The report got cutoff before the end so I will need the rest of it. Open the file WinPFind35.txt that is located in the WinPFind53u folder with Notepad and start at the line that says [Files/Folders - Modified Within 30 days] and copy from there to the end of the file and paste that back here. I'm not expecting to see anything but I should take a look at the information.

And now the million dollar quesiton: How are things running? Are there any issues that you are currently encountering?

Let me know.

Cheers.

OT
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP