WinPFind logfile created on: 3/21/2007 6:36:39 PM
WinPFind by OldTimer - v2.0.2 Folder = C:\Documents and Settings\Wilhite\Desktop\WinPFind\
»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»
777596 Kb Total Physical Memory | 253092 Kb Available Physical Memory | 32.55% Memory free
1901148 Kb Paging File | 1463924 Kb Available in Paging File | 77.00% Paging File free
Paging file location: C:\pagefile.sys 1140 2280
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74927156 Kb Total Space | 57253816 Kb Free Space | 76.41% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»
C:\Documents and Settings\Wilhite\Desktop\abc.exe (Soeperman Enterprises Ltd.)
C:\Documents and Settings\Wilhite\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
C:\Program Files\MySpace\IM\MySpaceIM.exe ()
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running]
= C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)
(EvtEng) EvtEng [Win32_Own | Auto | Running]
= C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
(ISSVC) IS Service [Win32_Own | Auto | Running]
= C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running]
= C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\HPZipm12.exe (HP)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running]
= C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running]
= C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running]
= C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
(SymSecurePort) Symantec SecurePort [Win32_Own | Auto | Running]
= C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running]
= C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»
>>>>> Run Keys and Auto-Start Folders <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
= (File not found)
Apoint = C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
dla = C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
DVDLauncher = C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
igfxpers = C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
igfxtray = C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
IntelWireless = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
ISUSPM Startup = C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
ISUSScheduler = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
PCMService = C:\Program Files\Dell\Media Experience\PCMService.exe (File not found)
vptray = C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MySpaceIM = C:\Program Files\MySpace\IM\MySpaceIM.exe ()
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1
< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
= C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
= C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
< User Startup Folder = C:\Documents and Settings\Wilhite\Start Menu\Programs\Startup >
C:\Documents and Settings\Wilhite\Start Menu\Programs\Startup\desktop.ini ()
>>>>> MsConfig Disabled Items <<<<<
>>>>> Disabled Startup Folder Items <<<<<
>>>>> File Associations <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found
>>>>> Registry Shell Spawning <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -> "%1" %* (File not found)
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -> "%1" %* (File not found)
htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -> "%1" %* (File not found)
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)
txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
>>>>> ActiveX StubPath settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
>>>>> WOW Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
>>>>> Session Manager Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =
PendingFileRenameOperations = \??\C:\Config.Msi\8f605.rbf;
>>>>> Items Started Through Miscellaneous Registry Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
{b292ec9f-a074-4115-8342-1f459702d8d2} = characterizing ( HKLM = C:\WINDOWS\system32\fyxkaah.dll () )
>>>>> Security Providers <<<<<
>>>>> Winlogon Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System]
kduqx.exe (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
DllName = C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
DllName = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
DllName = C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
>>>>> Policy Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
NoCDBurning = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
>>>>> Desktop Components <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home
>>>>> HOSTS File <<<<<
HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 4/21/2006 11:02:54 PM)
127.0.0.1 localhost
>>>>> Internet Explorer Settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.insightbb.com
Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page = http://www.yahoo.com/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.google.com/ig/dell?hl=en
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
Start Page = http://www.insightbb.com/
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0
>>>>> Browser Helper Objects <<<<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
- MyWebSearch Search Assistant BHO ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
- Yahoo! Toolbar Helper ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- Reg Data - Value does not exist ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
- DriveLetterAccess ( HKLM = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}]
- ( HKLM = C:\Program Files\Video Access ActiveX Object\isadd.dll (File not found) )
>>>>> Bars, Toolbars and Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - Protection Bar ( HKLM = Reg Data - Key not found (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8194 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8195
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}]
ButtonText = PartyPoker.com
MenuText = PartyPoker.com
Exec = C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
@ = http:\edits.mywebsearch.com\toolbaredits\menusearch.jht (File not found)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)
>>>>> Approved Shell Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{5464D816-CF16-4784-B9F3-75C0DB52B499} = YMailShellExt Class ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )
{5CA3D70E-1895-11CF-8E15-001234567890} = DriveLetterAccess ( HKLM = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = VpshellEx Class ( HKLM = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation) )
>>>>> Context Menu Handlers / Column Handlers <<<<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\LDVPMenu]
@ = {BDA77241-42F6-11d0-85E2-00AA001FE28C} ( HKLM = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation) )
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail]
@ = {5464D816-CF16-4784-B9F3-75C0DB52B499} ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
@ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu]
@ = {BDA77241-42F6-11d0-85E2-00AA001FE28C} ( HKLM = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )
>>>>> User Agent Post Platform <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
>>>>> TCP/IP Configuration <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{385E8FA0-FCEC-4691-AEBA-E673DAC15502}] ( Intel(R) PRO/Wireless 2200BG Network Connection )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.101
DhcpNameServer = 74.137.112.196 74.137.112.195
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 85.255.115.52,85.255.112.202
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7254E6F4-AF2E-4CB5-8351-8D50358BEBB1}] ( Broadcom 440x 10/100 Integrated Controller )
DefaultGateway =
DhcpIPAddress = 192.168.0.65
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 85.255.115.52,85.255.112.202
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA6B4021-4E25-4233-A5AF-A8F30ABE2D77}] ( 1394 Net Adapter )
DefaultGateway =
DhcpNameServer = 85.255.115.52,85.255.112.202
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer = 85.255.115.52,85.255.112.202
SubnetMask = 0.0.0.0;
>>>>> WinSock2 Parameters <<<<<
>>>>> Protocol Handlers <<<<<
>>>>> Protocol Filters <<<<<
>>>>> Downloaded Program Files <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf
»»»»»»»»»»»»»»»»»»»» Files Created Within 60 Days »»»»»»»»»»»»»
C:\Documents and Settings\Wilhite\My Documents\PAIN002596328021320071IDC[1].pdf [Ver = | Size = 9462 bytes | Created Date = 3/1/2007 4:27:16 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 841 bytes | Created Date = 3/21/2007 2:01:33 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk [Ver = | Size = 1740 bytes | Created Date = 3/21/2007 1:52:09 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk [Ver = | Size = 1876 bytes | Created Date = 2/18/2007 12:00:34 PM | Attr = ]
C:\Documents and Settings\Wilhite\Desktop\abc.exe Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 3/21/2007 5:05:59 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\abc.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\APA Basics.ppt [Ver = | Size = 242688 bytes | Created Date = 2/21/2007 8:58:49 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\APA Basics.ppt:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\GROUP PORTION.doc [Ver = | Size = 27136 bytes | Created Date = 3/19/2007 6:22:03 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\GROUP PORTION.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\LimeWire 4.8.1.lnk [Ver = | Size = 1578 bytes | Created Date = 2/2/2007 9:58:15 PM | Attr = ]
C:\Documents and Settings\Wilhite\Desktop\Phase 3 Discussion Board.doc [Ver = | Size = 26624 bytes | Created Date = 3/19/2007 6:21:09 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Discussion Board.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Phase 3 Group Portion.doc [Ver = | Size = 964 bytes | Created Date = 3/20/2007 9:18:39 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Group Portion.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Sara Petersen.doc [Ver = | Size = 31744 bytes | Created Date = 3/19/2007 6:22:43 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Sara Petersen.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Spybot - Search & Destroy.lnk [Ver = | Size = 933 bytes | Created Date = 3/21/2007 1:19:03 PM | Attr = ]
C:\Documents and Settings\Wilhite\Desktop\Thumbs.db [Ver = | Size = 5120 bytes | Created Date = 3/15/2007 2:26:33 PM | Attr = HS]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Thumbs.db:encryptable (0 bytes)
C:\Documents and Settings\Wilhite\Desktop\winpfind.exe [Ver = | Size = 264211 bytes | Created Date = 3/21/2007 5:33:58 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1757 bytes | Created Date = 3/21/2007 1:52:09 PM | Attr = ]
C:\WINDOWS\OpPrintServer.INI [Ver = | Size = 0 bytes | Created Date = 2/18/2007 12:01:20 PM | Attr = ]
C:\WINDOWS\vpc32.INI [Ver = | Size = 0 bytes | Created Date = 3/15/2007 3:04:52 PM | Attr = ]
C:\WINDOWS\System32\epoPGPsdk.dll PGP Corporation [Ver = 3.5.3 | Size = 1495552 bytes | Created Date = 3/15/2007 12:19:47 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.TMP [Ver = | Size = 1602 bytes | Created Date = 3/15/2007 12:54:35 PM | Attr = ]
C:\WINDOWS\System32\profile.dat [Ver = | Size = 40 bytes | Created Date = 3/15/2007 12:30:30 PM | Attr = ]
C:\WINDOWS\System32\S32EVNT1.DLL Symantec Corporation [Ver = 12.1.2.1 | Size = 48816 bytes | Created Date = 3/15/2007 12:28:21 PM | Attr = ]
C:\WINDOWS\System32\drivers\SYMEVENT.SYS Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Created Date = 3/15/2007 12:28:21 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»
C:\hiberfil.sys [Ver = | Size = 796327936 bytes | Modified Date = 3/21/2007 2:41:48 PM | Attr = HS]
C:\Documents and Settings\Wilhite\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 83456 bytes | Modified Date = 3/16/2007 5:39:56 PM | Attr = ]
C:\Documents and Settings\Wilhite\Local Settings\Application Data\IconCache.db [Ver = | Size = 4287434 bytes | Modified Date = 3/1/2007 5:27:48 PM | Attr = H ]
C:\Documents and Settings\Wilhite\My Documents\BackCompat_01-2007.zip [Ver = | Size = 10993720 bytes | Modified Date = 3/17/2007 9:22:26 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\BackCompat_01-2007.zip:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\My Documents\PAIN002596328021320071IDC[1].pdf [Ver = | Size = 9462 bytes | Modified Date = 3/1/2007 5:27:18 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 841 bytes | Modified Date = 3/21/2007 3:01:34 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk [Ver = | Size = 1740 bytes | Modified Date = 3/21/2007 2:52:10 PM | Attr = ]
C:\Documents and Settings\Wilhite\Desktop\abc.exe Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 3/21/2007 6:06:06 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\abc.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\APA Basics.ppt [Ver = | Size = 242688 bytes | Modified Date = 2/21/2007 9:58:52 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\APA Basics.ppt:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\GROUP PORTION.doc [Ver = | Size = 27136 bytes | Modified Date = 3/19/2007 7:22:08 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\GROUP PORTION.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Phase 3 Discussion Board.doc [Ver = | Size = 26624 bytes | Modified Date = 3/19/2007 7:21:14 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Discussion Board.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Phase 3 Group Portion.doc [Ver = | Size = 964 bytes | Modified Date = 3/20/2007 10:18:44 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Group Portion.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Sara Petersen.doc [Ver = | Size = 31744 bytes | Modified Date = 3/19/2007 7:22:48 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Sara Petersen.doc:Zone.Identifier (26 bytes)
C:\Documents and Settings\Wilhite\Desktop\Spybot - Search & Destroy.lnk [Ver = | Size = 933 bytes | Modified Date = 3/21/2007 2:19:04 PM | Attr = ]
C:\Documents and Settings\Wilhite\Desktop\Thumbs.db [Ver = | Size = 5120 bytes | Modified Date = 3/15/2007 3:26:34 PM | Attr = HS]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Thumbs.db:encryptable (0 bytes)
C:\Documents and Settings\Wilhite\Desktop\winpfind.exe [Ver = | Size = 264211 bytes | Modified Date = 3/21/2007 6:34:04 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1757 bytes | Modified Date = 3/21/2007 2:52:10 PM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 3/21/2007 2:41:50 PM | Attr = S]
C:\WINDOWS\randseed.rnd [Ver = | Size = 512 bytes | Modified Date = 3/14/2007 5:55:10 PM | Attr = ]
C:\WINDOWS\vpc32.INI [Ver = | Size = 0 bytes | Modified Date = 3/15/2007 4:04:54 PM | Attr = ]
C:\WINDOWS\System32\fyxkaah.dll [Ver = | Size = 7168 bytes | Modified Date = 3/17/2007 12:59:56 PM | Attr = S]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 41584 bytes | Modified Date = 3/15/2007 1:54:36 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 314390 bytes | Modified Date = 3/15/2007 1:54:36 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.TMP [Ver = | Size = 1602 bytes | Modified Date = 3/15/2007 1:54:36 PM | Attr = ]
C:\WINDOWS\System32\profile.dat [Ver = | Size = 40 bytes | Modified Date = 3/17/2007 12:59:24 PM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2206 bytes | Modified Date = 3/21/2007 2:42:26 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F (126 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\07 NCO Exchange Announcement.doc:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\Accident Avoidance Training for June.xls:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\BackCompat_01-2007.zip:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\RememberitWell.pps:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\STG15283:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\My Documents\Thumbs.db:encryptable (0 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\abc.exe:Zone.Identifier (26 bytes)
[UPX! , UPX0 , ]C:\Documents and Settings\Wilhite\Desktop\abc.exe (Soeperman Enterprises Ltd.)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\APA Basics.ppt:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Budget Planner Demo.xls:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\GROUP PORTION.doc:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Discussion Board.doc:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Phase 3 Group Portion.doc:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Sara Petersen.doc:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\Thumbs.db:encryptable (0 bytes)
@Alternate Data Stream - C:\Documents and Settings\Wilhite\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[Thawte Consulting , USERTRUST , ]C:\WINDOWS\System32\epoPGPsdk.dll (PGP Corporation)
[UPX! , UPX0 , ]C:\WINDOWS\System32\fyxkaah.dll ()
[PEC2 , ]C:\WINDOWS\System32\KGyGaAvL.sys ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
< End of report >