Here is a new report: Log created by WinPatrol version 15.9.2008.5:15.9.2008.5
Scan saved at 2:23:40 PM, on 2/07/2009
Platform: Windows XP SP3 Home Edition Service Pack 3 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\Java\jre6\bin\jqs.exe
C:\PROGRAM FILES\McAfee\SITEADVISOR\McSACore.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRAM FILES\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRAM FILES\Java\jre6\bin\jusched.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\Office12\GROOVEMONITOR.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRAM FILES\THE WEATHER CHANNEL FW\Desktop\DESKTOPWEATHER.EXE
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\PROGRAM FILES\McAfee\MPF\MpfSrv.exe
C:\PROGRAM FILES\McAfee\MSK\msksrver.exe
C:\PROGRAM FILES\COMMON FILES\Nero\NERO BACKITUP 4\NBSERVICE.EXE
C:\PROGRAM FILES\Raxco\PERFECTDISK2008\PD91AGENT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\PROGRAM FILES\Lavasoft\Ad-Aware\AAWSERVICE.EXE
C:\PROGRAM FILES\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O1 - Hosts: 127.0.0.
O2 - BHO: - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O4 - HKLM\..\Run: [AlcxMonitor]ALCXMNTR.EXE
O4 - HKLM\..\Run: [mcagent_exe]C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI]C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [IgfxTray]C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Ad-Watch]C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor]C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig]C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DW6]C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL =
http://www.microsoft.com/isapi/redir.dl ... ar=msnhomeO14 - IERESET.INF: SEARCH_PAGE_URL =
http://www.microsoft.com/isapi/redir.dl ... r=iesearchO14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://download.microsoft.com/download/ ... ontrol.cabO16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
http://www.creative.com/softwareupdate/ ... TSUEng.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 3202982046O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -
http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cabO16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (
http://fpdownload.macromedia.com/get/fl ... /ultrashim) -
http://fpdownload.macromedia.com/get/fl ... rashim.cabO16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cabO16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/softwareupdate/ ... /CTPID.cabO21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent - McAfee, Inc. - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service - McAfee, Inc. - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16762
MSIE: Internet Explorer (7.00.6000.16762)
Firefox 3.0.6 installed in C:\Program Files\Mozilla Firefox.
5 IE Cookies in Folder: C:\Documents and Settings\TORRES FAMILY\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\TORRES FAMILY\Application Data\Mozilla\FireFox\Profiles\0mgilpmc.default
WP00 - HKLM\CS1: BootExecute = PDBoot.exe
WP00 - HKLM\CCS: BootExecute = PDBoot.exe
WP00 - HKLM\CS3: BootExecute = PDBoot.exe
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\DOCUME~1\TORRES~2\LOCALS~1\Temp\~nsu.tmp\Au_.exe
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\DOCUME~1\TORRES~2\LOCALS~1\Temp\~nsu.tmp\Au_.exe
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [RegCure.job]C:\Program Files\RegCure\RegCure.exe 02/01/2009 3:06 AM
WP31 - Scheduled Tasks: [RegCure Program Check.job]C:\Program Files\RegCure\RegCure.exe 02/06/2009 5:00 PM
WP31 - Scheduled Tasks: [McQcTask.job]c:\Program Files\McAfee\MQC\QcConsol.exe Never
WP31 - Scheduled Tasks: [McDefragTask.job]c:\Program Files\McAfee\MQC\QcConsol.exe Never
WP31 - Scheduled Tasks: [Ad-Aware Update (Weekly).job]C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 02/05/2009 2:35 AM
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL 1.9.0009.0
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\WINDOWS\system32\icardie.dll 7.00.6000.16762
WP16 - ActiveX: {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [DeviceEnum Class] C:\PROGRAM FILES\HP\Common\HPDEVICEDETECTION.DLL 4.0.12.0
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.2.6001.788
WP16 - ActiveX: {6C269571-C6D7-4818-BCA4-32A035E8C884} [Creative Software AutoUpdate] C:\WINDOWS\Downloaded Program Files\CTSUEngn.ocx 1.51.1.0
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.2.6001.788
WP16 - ActiveX: {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [GMNRev Class] C:\PROGRAM FILES\HP\Common\HPGMNRev.dll 8.7.13.0
WP16 - ActiveX: {7584c670-2274-4efb-b00b-d6aaba6d3850} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16762
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_11] C:\PROGRAM FILES\Java\jre6\bin\jp2iexp.dll
WP16 - ActiveX: {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} [Microsoft Terminal Services Client Control (redist)] C:\WINDOWS\system32\mstscax.dll 6.0.6001.18000
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx 10,0,12,36
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [Creative Software AutoUpdate Support Package] C:\WINDOWS\Downloaded Program Files\CTPID.ocx 1.0.0.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\Office12\REFEDIT.DLL 12.0.6211.1000
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 11.0.5721.5145
WP16 - ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} [Shockwave ActiveX Control] C:\WINDOWS\system32\Adobe\Director\SwDir.dll 11.0.3
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\PROGRAM FILES\MICROSOFT CAPICOM 2.1.0.2\Lib\X86\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.4110
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\PROGRAM FILES\MICROSOFT CAPICOM 2.1.0.2\Lib\X86\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\PROGRAM FILES\MICROSOFT CAPICOM 2.1.0.2\Lib\X86\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16762
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\system32\FM20.DLL 12.0.6211.1000
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16788
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx 10,0,12,36
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\PROGRAM FILES\MICROSOFT CAPICOM 2.1.0.2\Lib\X86\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.5512
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\PROGRAM FILES\MICROSOFT CAPICOM 2.1.0.2\Lib\X86\capicom.dll 2, 1, 0, 2
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmdata01.sqm
WP32 - Hidden File: C:\sqmdata02.sqm
WP32 - Hidden File: C:\sqmdata03.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\sqmnoopt01.sqm
WP32 - Hidden File: C:\sqmnoopt02.sqm
WP32 - Hidden File: C:\sqmnoopt03.sqm
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\TORRES FAMILY\Local Settings\Temp\etilqs_vDqWBXSVh7JxLSo1oG7m
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinRAR archive]C:\Program Files\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Office Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Outlook Express Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /f %1
WP33 - File Type .MP3: [MP3 Audio]C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe %1
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealMedia File]C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Office12\EXCEL.EXE /e
Memory currently in use: 62%
Physical Memory Free: 389,452 KB
Paging File Free: 1,846,240 KB
Virtual Memory Free: 2,059,764 KB
--