Infected


  • This topic is locked
12 replies to this topic

#1 Commander Gman

Commander Gman

  • Members
  • 1,214 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:37 PM

Posted 26 May 2007 - 04:52 AM

I'm currently checking my task manager and, as a regular routine, check for processes
(searching for more)

I found wscntfy.exe to be a threat
http://www.bleepingcomputer.com/startups/K...al90-13012.html

Logfile of HijackThis v1.99.1
Scan saved at 5:46:56 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\ADOBE\ADOBE VERSION CUE CS2\BIN\VERSIONCUECS2.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\DeskSlide\DeskSlide.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Zapu\Zapu\wincm.exe
C:\Program Files\Zapu\Zapu\wDivi.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Raymond\Desktop\VGR\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide
O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Also, XP starts to act quite weird:
when I shut down, specifically when the text shows "Windows is shutting down", it stops; after several minutes nothing happens.

Please help soon.

Motherboard: MSI P35 Neo-F (Socket 775 LGA) Processor: Intel Core 2 Quad Q6600 @ 2.40 Ghz Kentsfield Chipset: Intel P35 Graphics Card: Nvidia Geforce GT 440 Memory: 2x 2GB DDR2 800 RAM Storage: 1x IDE 80GB, 1x SATA II 500 GB, 1x External 500GB HD Power Supply: 600W Power supply Monitor: Dual screen set-up Casing: Mini-ATX Fan(s): 1x 80mm silent fan OS: Windows XP SP3




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 26 May 2007 - 05:04 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Commander Gman :thumbsup:

wscntfy.exe (Windows Security Center)

The wscntfy.exe process provides a system tray icon that gives you 'at a glance' status information with regard to your computer's updates, virus protection and firewall.
You should not terminate this process as it is part of the XP SP2 security enhancements.
This is part of Microsoft Windows (XP SP2).

**************************

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\wscntfy.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\wscntfy.exe
Then click on 'Send'.
Post the results into your next reply please.

#3 Commander Gman


Posted 26 May 2007 - 05:13 AM

Found this also in my task manager:
http://www.bleepingcomputer.com/startups/s....exe-16903.html
There are several spoolsv.exe when I search the list, but I think this one could be the one.
I suspect that this process may be the answer to why I'm getting all of that spam in my Yahoo email...
The same spam has always been sent to me.

Also found wincm.exe, which could be a high-level threat.
So far, 3 threats that I need to remove, which may/might be the answer to why my XP acts weird. Read the pages for info:

http://fileinfo.prevx.com/QQ986116667848-W.../WINCM.EXE.html
http://forums.spywareinfo.com/index.php?showtopic=73397

Searching....
Here is the list of the rest of the suspicious processes:
winlogon.exe
csrss.exe
smss.exe
realsched.exe

The 1st process (on my first post) was terrifying.
But I have not made any of those yet.

Please help soon.

Edited by Commander Gman, 26 May 2007 - 05:36 AM.



#4 Commander Gman


Posted 26 May 2007 - 05:25 AM

Wow, while I was at the site scrolling/browsing, I got this several times, attempting to do a malicious action.
Good thing Trend Micro detected it. I'm feeling very unsafe....
http://www.trendmicro.com/vinfo/grayware/v...%5FHIDEWIN%2EAA
Gosh....things just pop in and download without any notice.
Then each time it tries going in and Trend Micro blocks it, my PC slows down a bit.

Jotti is busy, going to the alternative.

Edited by Commander Gman, 26 May 2007 - 05:26 AM.



#5 Commander Gman


Posted 26 May 2007 - 05:34 AM

What the?? The same thing keeps on bugging me again.
Tracked me down from Jotti to here?

So...Virus Total uses different scanners to scan the file?
Great technique!!! :thumbsup:

Here are the results:

AhnLab-V3 | 2007.5.24.0 | 05.25.2007 | no virus found
AntiVir | 7.4.0.27 | 05.25.2007 | no virus found
Authentium | 4.93.8 | 05.23.2007 | no virus found
Avast | 4.7.997.0 | 05.25.2007 | no virus found
AVG | 7.5.0.467 | 05.25.2007 | no virus found
BitDefender | 7.2 | 05.26.2007 | no virus found
CAT-QuickHeal | 9.00 | 05.25.2007 | no virus found
ClamAV | devel-20070416 | 05.25.2007 | no virus found
DrWeb | 4.33 | 05.26.2007 | no virus found
eSafe | 7.0.15.0 | 05.24.2007 | no virus found
eTrust-Vet | 30.7.3665 | 05.26.2007 | no virus found
Ewido | 4.0 | 05.26.2007 | no virus found
FileAdvisor | 1 | 05.26.2007 | No threat detected
Fortinet | 2.85.0.0 | 05.26.2007 | no virus found
F-Prot | 4.3.2.48 | 05.25.2007 | no virus found
F-Secure | 6.70.13030.0 | 05.25.2007 | no virus found
Ikarus | T3.1.1.8 | 05.26.2007 | no virus found
Kaspersky | 4.0.2.24 | 05.26.2007 | no virus found
McAfee | 5039 | 05.25.2007 | no virus found
Microsoft | 1.2503 | 05.26.2007 | no virus found
NOD32v2 | 2292 | 05.25.2007 | no virus found
Norman | 5.80.02 | 05.25.2007 | no virus found
Panda | 9.0.0.4 | 05.25.2007 | no virus found
Prevx1 | V2 | 05.26.2007 | no virus found
Sophos | 4.18.0 | 05.25.2007 | no virus found
Sunbelt | 2.2.907.0 | 05.26.2007 | no virus found
Symantec | 10 | 05.26.2007 | no virus found
TheHacker | 6.1.6.123 | 05.25.2007 | no virus found
VBA32 | 3.12.0 | 05.26.2007 | no virus found
VirusBuster | 4.3.23:9 | 05.25.2007 | no virus found
Webwasher-Gateway | 6.0.1 | 05.26.2007 | no virus found

Additional Information
File size: 13824 bytes
MD5: 49911dd39e023bb6c45e4e436cfbd297
SHA1: ba51674e7049e2bace2e2753c2d61e95550fc7fc
Bit9 info: http://fileadvisor.bit9.com/services/extin...45e4e436cfbd297

No threat, I assume, but why is it so? False positive in the Startup Forums?



#6 RichieUK


Posted 26 May 2007 - 05:41 AM

winlogon.exe
csrss.exe
smss.exe
realsched.exe


winlogon.exe is a process belonging to the Windows login manager.
It handles the login and logout procedures on your system.
This program is important for the stable and secure running of your computer and should not be terminated.

csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem.
This process manages most graphical commands in Windows.
This program is important for the stable and secure running of your computer and should not be terminated.

smss.exe is a process which is a part of the Microsoft Windows Operating System.
It is called the Session Manager Subsystem and is responsible for handling sessions on your system.
This program is important for the stable and secure running of your computer and should not be terminated.

realsched.exe is a program which schedules for manual update checks for Real Networks products.
This is a non-essential process.
Disabling or enabling this is down to user preference; however, disabling may prevent notification of updates.

*****************************

Download Winpfind V2.0.2 and extract the contents to your desktop:
http://download.bleepingcomputer.com/oldtimer/winpfind.exe
Open the WinPFind folder and double click on Winpfind.exe
Leave the configuration settings as they are and click on 'Run Scan'.
The scan will take some time to complete so please be patient.
Once complete close the program.
Open the WinPFind folder, then copy and paste the entire content of winpfind.txt into your next reply.

*NOTE*
It may take more than one reply to post the whole winpfind.txt.

#7 Commander Gman


Posted 26 May 2007 - 06:05 AM

WinPFind logfile created on: 5/26/2007 6:56:44 PM
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\Raymond\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

1023.36 Mb Total Physical Memory | 437.05 Mb Available Physical Memory | 42.71% Memory free
2.03 Gb Paging File | 1.54 Gb Available in Paging File | 75.88% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.21 Gb Free Space | 56.93% Space Free
Drive D: | 74.52 Gb Total Space | 58.09 Gb Free Space | 77.95% Space Free
Drive E: | 691.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: DB583D5D455346A
Current User Name: Raymond
Logged in as Administrator.
Current Boot Mode: Normal

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Raymond\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\PROGRAM FILES\Adobe\ADOBE VERSION CUE CS2\bin\VERSIONCUECS2.EXE (Adobe Systems Incorporated)
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
C:\Program Files\DeskSlide\DeskSlide.exe (George Obada)
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe (Mozilla Corporation)
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe (Trend Micro Incorporated.)
C:\Program Files\Trend Micro\Internet Security 2006\PcCtlCom.exe (Trend Micro Incorporated.)
C:\Program Files\Trend Micro\Internet Security 2006\Tmntsrv.exe (Trend Micro Incorporated.)
C:\Program Files\Trend Micro\Internet Security 2006\TmPfw.exe (Trend Micro Inc.)
C:\Program Files\Trend Micro\Internet Security 2006\tmproxy.exe (Trend Micro Inc.)
C:\PROGRAM FILES\Yahoo!\MESSENGER\YAHOOMESSENGER.EXE (Yahoo! Inc.)
C:\Program Files\Zapu\Zapu\wDivi.exe (IPortent)
C:\Program Files\Zapu\Zapu\wincm.exe (IPortent)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

(Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | Auto | Running]
= C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(InCDsrv) InCD Helper [Win32_Own | Auto | Running]
= C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running]
= C:\Program Files\Trend Micro\Internet Security 2006\PcCtlCom.exe (Trend Micro Incorporated.)

(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running]
= C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running]
= C:\Program Files\Trend Micro\Internet Security 2006\Tmntsrv.exe (Trend Micro Incorporated.)

(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running]
= C:\Program Files\Trend Micro\Internet Security 2006\TmPfw.exe (Trend Micro Inc.)

(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running]
= C:\Program Files\Trend Micro\Internet Security 2006\tmproxy.exe (Trend Micro Inc.)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Acrobat Assistant 7.0 = C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Adobe Version Cue CS2 = C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
InCD = C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
ISUSPM Startup = C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
ISUSScheduler = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
nwiz = C:\WINDOWS\system32\nwiz.exe ()
pccguide.exe = C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe (Trend Micro Incorporated.)
RemoteControl = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools = C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
DeskSlide = C:\Program Files\DeskSlide\DeskSlide.exe (George Obada)
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Raymond\Start Menu\Programs\Startup >
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu Acceleration Engine.lnk
C:\Program Files\Zapu\Zapu\wincm.exe (IPortent)

C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu.lnk
C:\Program Files\Zapu\Zapu\wDivi.exe (IPortent)

>>>>> MsConfig Disabled Items <<<<<

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) )


>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 1/13/2006 9:55:32 AM)
127.0.0.1 localhost

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.google.com.ph/firefox?client=fi...:en-US:official

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- AcroIEHlprObj Class ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
- Yahoo! IE Services Button ( HKLM = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
- AcroIEToolbarHelper Class ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) )

>>>>> HKLM Internet Explorer Bars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}]
- Adobe PDF ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) )

>>>>> HKLM Internet Explorer ToolBars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) )

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8192 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{2670000A-7350-4f3c-8081-5663EE0C6C49} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} = 8194 - Yahoo! IE Services Button ( HKLM = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )
{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8196

>>>>> HKLM Internet Explorer Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - Java Plug-in 1.6.0_01 ( HKLM C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - Java Plug-in 1.6.0_01 ( HKCU C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}]
ButtonText = Send to OneNote
MenuText = S&end to OneNote
ClsidExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} - Send to OneNote from Internet Explorer button ( HKLM C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
ButtonText = Yahoo! Services
ClsidExtension = {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button ( HKLM C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
ButtonText = Research

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Yahoo! Search]
@ = C:\Program Files\Yahoo!\Common\YCSRCH.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to Adobe PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to existing PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to Adobe PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to existing PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to existing PDF]
@ = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Dictionary]
@ = C:\Program Files\Yahoo!\Common\YCDICT.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Maps]
@ = C:\Program Files\Yahoo!\Common\ycmap.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &SMS]
@ = C:\Program Files\Yahoo!\Common\YCsms.htm ()

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
= CorelDRAW Shell Extension Component ( CLSID not found! )
{48F45200-91E6-11CE-8A4F-0080C81A28D4} = TMD Shell Extension ( HKLM = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.) )
{5464D816-CF16-4784-B9F3-75C0DB52B499} = YMailShellExt Class ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )
{771A9DA0-731A-11CE-993C-00AA004ADB6C} = VBPropSheet ( HKLM = C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll (Trend Micro Incorporated.) )
{80933416-C33F-407E-BCC1-6246E3EE34DF} = ExtractNow ( HKLM = C:\Program Files\ExtractNow\extractmenu.dll (Nathan Moinvaziri) )
{8BE13461-936F-11D1-A87D-444553540000} = Eraser Shell Extension ( HKLM = C:\WINDOWS\system32\erasext.dll (-) )
{950FF917-7A57-46BC-8017-59D9BF474000} = Shell Extension for CDRW ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG) )
{9DED7A30-D572-4D21-8D82-6945EA697400} = Macromedia FlashPaper Context Menu ( CLSID not found! )
{9DED7A30-D572-4D21-8D82-6945EA697400} = FlashPaperContextHandler Class ( HKCU = C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll () )
{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} = XnViewShell Class ( HKLM = C:\Program Files\XnView\XnViewShellExt.dll () )
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Acrobat Elements Context Menu ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}]
- TMD Shell Extension ( HKLM = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu]
@ = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\CopyMoveTo]
@ = {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} ( HKLM = C:\WINDOWS\system32\CopyToSendTo.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Erasext]
@ = {8BE13461-936F-11D1-A87D-444553540000} ( HKLM = C:\WINDOWS\system32\erasext.dll (-) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ExtractNow]
@ = {80933416-C33F-407E-BCC1-6246E3EE34DF} ( HKLM = C:\Program Files\ExtractNow\extractmenu.dll (Nathan Moinvaziri) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\IXnView]
@ = {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} ( HKLM = C:\Program Files\XnView\XnViewShellExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail]
@ = {5464D816-CF16-4784-B9F3-75C0DB52B499} ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\CopyMoveTo]
@ = {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} ( HKLM = C:\WINDOWS\system32\CopyToSendTo.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\InCDMenu]
@ = {950FF917-7A57-46BC-8017-59D9BF474000} ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}]
- TMD Shell Extension ( HKLM = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\CopyMoveTo]
@ = {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} ( HKLM = C:\WINDOWS\system32\CopyToSendTo.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Erasext]
@ = {8BE13461-936F-11D1-A87D-444553540000} ( HKLM = C:\WINDOWS\system32\erasext.dll (-) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ExtractNow]
@ = {80933416-C33F-407E-BCC1-6246E3EE34DF} ( HKLM = C:\Program Files\ExtractNow\extractmenu.dll (Nathan Moinvaziri) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = C:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoRemoteRecursiveEvents = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
NoInternetIcon = 0
ClearRecentDocsOnExit = 1
NoLowDiskSpaceChecks = 1
NoSaveSettings = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]
Windows Update Menu Text = Microsoft Update

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control]
IMAGING_EMF_USE_RCLFRAMESIZE_KB905299 = 1

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) )
TEMP = %SystemRoot%\TEMP
TMP = %SystemRoot%\TEMP
windir = %SystemRoot%

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%SystemRoot%\system32
%SystemRoot%
%SystemRoot%\System32\Wbem
C:\Program Files\Common Files\Adobe\AGL
C:\Program Files\QuickTime\QTSystem\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> Reg Data - Key not found
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> "regedit.exe" "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57D54136-26A0-497B-87AD-CAE3A3142AFB}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C452B322-DD12-4FD0-803F-19A7C88F461B}] ( VIA Rhine II Fast Ethernet Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.118
DhcpNameServer = 58.69.254.134 203.87.128.3
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = My Computer

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation]
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
INF = C:\Program Files\Yahoo!\Common\yinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

»»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\All Users\Application Data\McAfee [Folder | Created Date = 5/8/2007 11:27:42 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SiteAdvisor [Folder | Created Date = 5/8/2007 11:27:42 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [Folder | Created Date = 4/30/2007 8:51:39 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Apple Computer [Folder | Created Date = 4/27/2007 6:03:17 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\DeskSlide [Folder | Created Date = 4/27/2007 7:05:16 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\gtopala [Folder | Created Date = 4/30/2007 9:47:57 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Lavasoft [Folder | Created Date = 4/27/2007 6:11:17 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\SiteAdvisor [Folder | Created Date = 5/8/2007 11:27:42 AM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\SUPERAntiSpyware.com [Folder | Created Date = 4/30/2007 8:51:32 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\XnView [Folder | Created Date = 5/7/2007 8:44:49 AM | Attr = ]
C:\Documents and Settings\Raymond\Local Settings\Application Data\Macromedia [Folder | Created Date = 4/27/2007 9:27:34 AM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\AdobeStockPhotos [Folder | Created Date = 5/24/2007 2:05:29 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Command and Conquer Generals Zero Hour Data [Folder | Created Date = 5/4/2007 9:23:51 AM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Corel User Files [Folder | Created Date = 5/1/2007 10:30:30 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Gman [Folder | Created Date = 4/30/2007 9:28:24 PM | Attr = R ]
C:\Documents and Settings\Raymond\My Documents\GTA San Andreas User Files [Folder | Created Date = 4/30/2007 10:12:42 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\My Music [Folder | Created Date = 4/30/2007 9:28:41 PM | Attr = R ]
C:\Documents and Settings\Raymond\My Documents\My Pictures [Folder | Created Date = 4/30/2007 10:18:57 PM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\Command & Conquer Tiberian Sun Add-ons [Folder | Created Date = 5/26/2007 5:22:44 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Exercise Files [Folder | Created Date = 4/27/2007 5:56:07 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Firefox Setup 2.0.0.3.exe Mozilla [Ver = 4.42 | Size = 6006832 bytes | Created Date = 5/25/2007 8:36:04 AM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\FreeLancer Saved Games [Folder | Created Date = 5/25/2007 8:57:50 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\My Documents [Folder | Created Date = 4/30/2007 9:29:11 PM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\Red Alert 2 Saved Games [Folder | Created Date = 5/26/2007 5:31:12 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Red Alert Saved Games [Folder | Created Date = 5/26/2007 5:30:38 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Sims Soundtrack, the - Build 2.mp3 [Ver = | Size = 4926397 bytes | Created Date = 5/24/2007 9:28:20 AM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Sims Soundtrack, the - Build 5.mp3 [Ver = | Size = 6370446 bytes | Created Date = 5/24/2007 9:28:20 AM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Tiberian Dawn Save Games [Folder | Created Date = 5/26/2007 5:29:38 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\VGR [Folder | Created Date = 4/30/2007 10:02:17 PM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\WinPFind [Folder | Created Date = 5/26/2007 6:56:14 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Created Date = 5/26/2007 6:54:14 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\XnView-win-full.exe Gougelet Pierre-e [Ver = 1.90.3 | Size = 8727909 bytes | Created Date = 5/7/2007 1:03:36 PM | Attr = ]
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu Acceleration Engine.lnk [Ver = | Size = 1562 bytes | Created Date = 4/27/2007 6:08:53 PM | Attr = ]
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu.lnk [Ver = | Size = 1562 bytes | Created Date = 4/27/2007 6:08:53 PM | Attr = ]
C:\Program Files\Common Files\Ahead [Folder | Created Date = 5/25/2007 9:17:36 AM | Attr = ]
C:\Program Files\Common Files\LightScribe [Folder | Created Date = 5/25/2007 9:22:24 AM | Attr = ]
C:\Program Files\Common Files\Macromedia Shared [Folder | Created Date = 4/27/2007 9:27:36 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 4/27/2007 6:10:38 PM | Attr = ]
C:\Program Files\Common Files\xing shared [Folder | Created Date = 5/25/2007 9:40:44 AM | Attr = ]
C:\WINDOWS\FontData.fdb [Ver = | Size = 39240 bytes | Created Date = 4/29/2007 6:28:54 PM | Attr = ]
C:\WINDOWS\InCD [Folder | Created Date = 5/25/2007 9:36:01 AM | Attr = ]
C:\WINDOWS\IsUninst.exe InstallShield Software Corporation [Ver = 5.00.149.0 | Size = 312320 bytes | Created Date = 4/27/2007 11:57:09 AM | Attr = ]
C:\WINDOWS\NuNinst.cfg [Ver = | Size = 59275 bytes | Created Date = 5/25/2007 9:36:08 AM | Attr = ]
C:\WINDOWS\NuNinst.exe Nero AG [Ver = 1, 2, 3, 129 | Size = 3051520 bytes | Created Date = 5/25/2007 9:36:07 AM | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 5/26/2007 5:23:55 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 5/26/2007 5:23:55 PM | Attr = H ]
C:\WINDOWS\UNNeroVision.cfg [Ver = | Size = 154582 bytes | Created Date = 5/25/2007 9:18:28 AM | Attr = ]
C:\WINDOWS\UNNeroVision.exe Nero AG [Ver = 1, 2, 3, 96 | Size = 2977792 bytes | Created Date = 5/25/2007 9:18:27 AM | Attr = ]
C:\WINDOWS\UNNMP.cfg [Ver = | Size = 49871 bytes | Created Date = 5/25/2007 9:22:59 AM | Attr = ]
C:\WINDOWS\UNNMP.exe Nero AG [Ver = 1, 2, 3, 96 | Size = 2977792 bytes | Created Date = 5/25/2007 9:22:57 AM | Attr = ]
C:\WINDOWS\System32\Eraser.dll - [Ver = 5.82 | Size = 618496 bytes | Created Date = 4/27/2007 6:07:52 PM | Attr = ]
C:\WINDOWS\System32\eraserl.exe - [Ver = 5.82 | Size = 241664 bytes | Created Date = 4/27/2007 6:07:52 PM | Attr = ]
C:\WINDOWS\System32\erasext.dll - [Ver = 5.82 | Size = 286720 bytes | Created Date = 4/27/2007 6:07:52 PM | Attr = ]
C:\WINDOWS\System32\ImagX7.dll Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\ImagXpr7.dll Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\ImagXR7.dll Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\ImagXRA7.dll Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\NeroCheck.exe Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 5/25/2007 9:20:51 AM | Attr = ]
C:\WINDOWS\System32\picn20.dll Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 5/25/2007 9:40:29 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 5/25/2007 9:40:30 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 5/25/2007 9:40:30 AM | Attr = ]
C:\WINDOWS\System32\rewire.dll Propellerhead Software AB [Ver = 1, 5, 2, 89 | Size = 225280 bytes | Created Date = 4/27/2007 11:50:54 AM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2764 | Size = 185952 bytes | Created Date = 5/25/2007 9:40:38 AM | Attr = ]
C:\WINDOWS\System32\TwnLib20.dll Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\TwnLib4.dll Pegasus Imaging Corp. [Ver = 4.0.14.0 | Size = 364544 bytes | Created Date = 5/25/2007 9:17:42 AM | Attr = ]
C:\WINDOWS\System32\vorbis.acm HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 4/27/2007 11:50:44 AM | Attr = ]
C:\WINDOWS\System32\drivers\InCDfs.sys Nero AG [Ver = 4, 3, 23, 0 | Size = 102016 bytes | Created Date = 5/25/2007 9:36:02 AM | Attr = ]
C:\WINDOWS\System32\drivers\InCDpass.sys Nero AG [Ver = 4, 3, 23, 0 | Size = 29440 bytes | Created Date = 5/25/2007 9:36:02 AM | Attr = ]
C:\WINDOWS\System32\drivers\InCDrec.sys Nero AG [Ver = 4, 3, 23, 0 | Size = 8704 bytes | Created Date = 5/25/2007 9:36:03 AM | Attr = ]
C:\WINDOWS\System32\drivers\InCDrm.sys Nero AG [Ver = 4, 3, 23, 0 | Size = 32640 bytes | Created Date = 5/25/2007 9:36:02 AM | Attr = ]
C:\WINDOWS\System32\drivers\ndisrd.sys NT Kernel Resources [Ver = 2, 4, 1, 1 | Size = 15340 bytes | Created Date = 4/27/2007 6:08:52 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»»

C:\Config.Msi [Folder | Modified Date = 5/25/2007 9:22:30 AM | Attr = ]
C:\hiberfil.sys [Ver = | Size = 1073139712 bytes | Modified Date = 5/26/2007 5:39:08 PM | Attr = HS]
C:\Program Files [Folder | Modified Date = 5/25/2007 8:58:12 PM | Attr = R ]
C:\WINDOWS [Folder | Modified Date = 5/26/2007 5:23:56 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Macromedia [Folder | Modified Date = 4/27/2007 9:24:48 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\McAfee [Folder | Modified Date = 5/8/2007 11:27:44 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SiteAdvisor [Folder | Modified Date = 5/8/2007 11:27:44 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [Folder | Modified Date = 4/30/2007 8:51:40 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Adobe [Folder | Modified Date = 5/24/2007 2:05:36 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Apple Computer [Folder | Modified Date = 4/27/2007 6:03:18 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\DeskSlide [Folder | Modified Date = 4/30/2007 10:22:48 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\gtopala [Folder | Modified Date = 4/30/2007 9:47:58 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Lavasoft [Folder | Modified Date = 4/27/2007 6:11:18 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\Macromedia [Folder | Modified Date = 4/27/2007 9:31:40 AM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\SiteAdvisor [Folder | Modified Date = 5/8/2007 11:27:44 AM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\SUPERAntiSpyware.com [Folder | Modified Date = 4/30/2007 8:51:34 PM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\U3 [Folder | Modified Date = 5/25/2007 8:53:32 AM | Attr = ]
C:\Documents and Settings\Raymond\Application Data\XnView [Folder | Modified Date = 5/24/2007 7:03:02 AM | Attr = ]
C:\Documents and Settings\Raymond\Local Settings\Application Data\Adobe [Folder | Modified Date = 5/6/2007 7:27:28 PM | Attr = ]
C:\Documents and Settings\Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 10240 bytes | Modified Date = 5/11/2007 2:52:56 PM | Attr = ]
C:\Documents and Settings\Raymond\Local Settings\Application Data\Macromedia [Folder | Modified Date = 4/27/2007 9:28:50 AM | Attr = ]
C:\Documents and Settings\Raymond\Local Settings\Application Data\Microsoft [Folder | Modified Date = 4/30/2007 9:27:46 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\AdobeStockPhotos [Folder | Modified Date = 5/24/2007 2:05:30 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Command and Conquer Generals Zero Hour Data [Folder | Modified Date = 5/4/2007 9:24:04 AM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Corel User Files [Folder | Modified Date = 5/1/2007 10:30:32 PM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\Gman [Folder | Modified Date = 5/1/2007 8:14:34 PM | Attr = R ]
C:\Documents and Settings\Raymond\My Documents\GTA San Andreas User Files [Folder | Modified Date = 5/23/2007 6:38:44 AM | Attr = ]
C:\Documents and Settings\Raymond\My Documents\My Music [Folder | Modified Date = 4/30/2007 9:42:28 PM | Attr = R ]
C:\Documents and Settings\Raymond\My Documents\My Pictures [Folder | Modified Date = 4/30/2007 10:19:18 PM | Attr = R ]
C:\Documents and Settings\Raymond\My Documents\Stronghold 2 [Folder | Modified Date = 4/29/2007 9:41:04 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [Ver = | Size = 1602 bytes | Modified Date = 5/25/2007 8:50:32 AM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Apps [Folder | Modified Date = 5/25/2007 9:43:22 AM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\Command & Conquer Tiberian Sun Add-ons [Folder | Modified Date = 5/26/2007 5:22:46 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Firefox Setup 2.0.0.3.exe Mozilla [Ver = 4.42 | Size = 6006832 bytes | Modified Date = 5/25/2007 8:48:26 AM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\FreeLancer Saved Games [Folder | Modified Date = 5/25/2007 9:01:28 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\My Documents [Folder | Modified Date = 4/30/2007 10:23:16 PM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\Red Alert 2 Saved Games [Folder | Modified Date = 5/26/2007 5:34:58 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Red Alert Saved Games [Folder | Modified Date = 5/26/2007 5:31:36 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\Security [Folder | Modified Date = 5/10/2007 9:05:24 AM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\Tiberian Dawn Save Games [Folder | Modified Date = 5/26/2007 5:30:06 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\VGR [Folder | Modified Date = 5/26/2007 5:46:58 PM | Attr = R ]
C:\Documents and Settings\Raymond\Desktop\WinPFind [Folder | Modified Date = 5/26/2007 6:56:16 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Modified Date = 5/26/2007 6:54:20 PM | Attr = ]
C:\Documents and Settings\Raymond\Desktop\XnView-win-full.exe Gougelet Pierre-e [Ver = 1.90.3 | Size = 8727909 bytes | Modified Date = 5/7/2007 1:08:22 PM | Attr = ]
C:\Program Files\Common Files\Ahead [Folder | Modified Date = 5/25/2007 9:17:38 AM | Attr = ]
C:\Program Files\Common Files\LightScribe [Folder | Modified Date = 5/25/2007 9:22:28 AM | Attr = ]
C:\Program Files\Common Files\Macromedia [Folder | Modified Date = 4/27/2007 9:27:38 AM | Attr = ]
C:\Program Files\Common Files\Macromedia Shared [Folder | Modified Date = 4/27/2007 9:27:38 AM | Attr = ]
C:\Program Files\Common Files\Real [Folder | Modified Date = 5/25/2007 9:40:44 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 4/30/2007 8:51:04 PM | Attr = ]
C:\Program Files\Common Files\xing shared [Folder | Modified Date = 5/25/2007 9:40:46 AM | Attr = ]
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu Acceleration Engine.lnk [Ver = | Size = 1562 bytes | Modified Date = 4/27/2007 6:08:54 PM | Attr = ]
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup\Zapu.lnk [Ver = | Size = 1562 bytes | Modified Date = 4/27/2007 6:08:54 PM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 5/26/2007 5:39:10 PM | Attr = S]
C:\WINDOWS\FontData.fdb [Ver = | Size = 39240 bytes | Modified Date = 4/29/2007 6:28:58 PM | Attr = ]
C:\WINDOWS\InCD [Folder | Modified Date = 5/25/2007 9:36:02 AM | Attr = ]
C:\WINDOWS\inf [Folder | Modified Date = 5/11/2007 2:50:10 PM | Attr = H ]
C:\WINDOWS\Installer [Folder | Modified Date = 5/25/2007 9:22:30 AM | Attr = HS]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 5/26/2007 5:23:56 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 5/26/2007 5:23:56 PM | Attr = H ]
C:\WINDOWS\system [Folder | Modified Date = 5/9/2007 3:04:28 PM | Attr = ]
C:\WINDOWS\system32 [Folder | Modified Date = 5/25/2007 9:40:40 AM | Attr = ]
C:\WINDOWS\Temp [Folder | Modified Date = 5/25/2007 9:33:46 PM | Attr = ]
C:\WINDOWS\System32\CatRoot2 [Folder | Modified Date = 5/26/2007 5:24:16 PM | Attr = ]
C:\WINDOWS\System32\drivers [Folder | Modified Date = 5/25/2007 9:36:04 AM | Attr = ]
C:\WINDOWS\System32\KGyGaAvL.sys [Ver = | Size = 2828 bytes | Modified Date = 5/24/2007 5:01:38 PM | Attr = HS]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 41237 bytes | Modified Date = 5/26/2007 5:39:20 PM | Attr = ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 5/25/2007 9:40:30 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 5/25/2007 9:40:32 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 5/25/2007 9:40:32 AM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2764 | Size = 185952 bytes | Modified Date = 5/25/2007 9:40:40 AM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2228 bytes | Modified Date = 5/25/2007 7:54:50 AM | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[Thawte Consulting , ]C:\Documents and Settings\Raymond\Desktop\Firefox Setup 2.0.0.3.exe (Mozilla)
[UPX! , UPX0 , ]C:\WINDOWS\RootkitRevealer.exe (Sysinternals - www.sysinternals.com)
[UPX! , UPX0 , ]C:\WINDOWS\upx.exe (The UPX Team http://upx.sf.net)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[PTech , ]C:\WINDOWS\System32\LegitCheckControl.dll (Microsoft® Corporation)
[UPX! , UPX0 , ]C:\WINDOWS\System32\msnsc.exe (dgelwin )
[UPX! , UPX0 , ]C:\WINDOWS\System32\MSVirtualCD.cpl ( )
[Thawte Consulting , ]C:\WINDOWS\System32\rmoc3260.dll (RealNetworks, Inc.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\TweakUI.cpl ( )
[UPX! , UPX0 , ]C:\WINDOWS\System32\VCdControlTool.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\VSFilter.dll (Gabest)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[aspack , UPX! , ]C:\WINDOWS\System32\drivers\VsapiNT.sys (Trend Micro Inc.)

< End of report >

Motherboard: MSI P35 Neo-F (Socket 775 LGA) Processor: Intel Core 2 Quad Q6600 @ 2.40 Ghz Kentsfield Chipset: Intel P35 Graphics Card: Nvidia Geforce GT 440 Memory: 2x 2GB DDR2 800 RAM Storage: 1x IDE 80GB, 1x SATA II 500 GB, 1x External 500GB HD Power Supply: 600W Power supply Monitor: Dual screen set-up Casing: Mini-ATX Fan(s): 1x 80mm silent fan OS: Windows XP SP3


#8 RichieUK

  • Malware Response Team

Posted 26 May 2007 - 06:32 AM

C:\Program Files\Zapu\Zapu\wincm.exe (IPortent)
wincm.exe is legit, it belongs to Zapu and is nothing to be concerned about.

Zapu - The Internet Speed Accelerator:
http://www.zapu.com/default.asp

There's nothing malicious in the WinPFind log and your HijackThis log is clean.
:thumbsup:

#9 Commander Gman

  • Topic Starter

Posted 26 May 2007 - 06:36 AM

If that is then..

Also, XP starts to act quite weird
when I shut down, specifically when the text shows "Windows is shutting down", it stops, after several minutes nothing happens

:flowers:

Also gonna do several scans
I'll let you know if something comes up :thumbsup:
Thanks again :huh:
-CG



#10 Commander Gman

  • Topic Starter

Posted 26 May 2007 - 07:54 AM

OK, as so far... up to date, nothing shows up in my scanners
So it's up to me to solve the last part of my problem
You may now close this topic
thanks again
-CG :thumbsup:



#11 Commander Gman

  • Topic Starter

Posted 26 May 2007 - 09:10 AM

what the???
wait before you close the topic

I discovered something weird...
In C:/Windows
there is an .exe program named "Rootkit Revealer"
From sysinternal.com
Is it adware/spyware?
I think I activated it, then my PC hung, so I restarted it



#12 Commander Gman

  • Topic Starter

Posted 26 May 2007 - 09:13 AM

Oh sorry, checked the info
http://www.microsoft.com/technet/sysintern...itRevealer.mspx
Almost thought of it as malware because of the hanging part

Edited by Commander Gman, 26 May 2007 - 09:22 AM.



#13 RichieUK

  • Malware Response Team

Posted 26 May 2007 - 09:49 AM

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



