WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 4/30/2005 6:44:02 PM 65536 C:\WINDOWS\IFinst27.exe UPX! 5/13/2003 5:38:48 PM 429032 C:\WINDOWS\mgs_snakeeater.jpg Checking %System% folder... UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll PEC2 9/3/2002 9:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc UPX! 11/24/2001 7:31:48 PM 65536 C:\WINDOWS\SYSTEM32\DVDAudio.ax UPX! 11/24/2001 7:28:14 PM 86528 C:\WINDOWS\SYSTEM32\DVDVideo.ax UPX! 5/14/2001 1:11:52 PM 536064 C:\WINDOWS\SYSTEM32\ivivideo.ax UPX! 11/8/2003 12:34:00 PM 36864 C:\WINDOWS\SYSTEM32\MPCDec.ax UPX! 10/31/2001 11:14:40 AM 30720 C:\WINDOWS\SYSTEM32\mplaa6.dll UPX! 10/31/2001 11:14:40 AM 30208 C:\WINDOWS\SYSTEM32\mplam6.dll UPX! 10/31/2001 11:14:40 AM 29184 C:\WINDOWS\SYSTEM32\mplapx.dll UPX! 10/31/2001 11:14:40 AM 30720 C:\WINDOWS\SYSTEM32\mplaw7.dll UPX! 10/31/2001 11:14:40 AM 215040 C:\WINDOWS\SYSTEM32\mplva6.dll UPX! 10/31/2001 11:14:40 AM 203264 C:\WINDOWS\SYSTEM32\mplvm6.dll UPX! 10/31/2001 11:14:40 AM 245760 C:\WINDOWS\SYSTEM32\mplvpx.dll UPX! 10/31/2001 11:14:40 AM 211456 C:\WINDOWS\SYSTEM32\mplvw7.dll PEC2 2/11/2004 9:38:40 PM 283648 C:\WINDOWS\SYSTEM32\NPSCAN.DLL PEC2 1/28/2004 8:28:14 PM 46080 C:\WINDOWS\SYSTEM32\npunzip.dll PEC2 7/11/1997 1:00:00 AM 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP Umonitor 9/3/2002 9:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 9/3/2002 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... qoologic 7/25/2005 6:25:14 PM 3116 C:\WINDOWS\SYSTEM32\drivers\etc\hosts urllogic 7/25/2005 6:25:14 PM 3116 C:\WINDOWS\SYSTEM32\drivers\etc\hosts urllogic 7/25/2005 6:25:14 PM 3116 C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder for system and hidden files within the last 60 days... 7/13/2005 10:56:12 PM 0 C:\WINDOWS\LastGood\INF\codecs10.inf 7/13/2005 10:56:12 PM 0 C:\WINDOWS\LastGood\INF\codecs10.PNF 7/13/2005 10:56:06 PM 0 C:\WINDOWS\LastGood\INF\DRM10.inf 7/13/2005 10:56:06 PM 0 C:\WINDOWS\LastGood\INF\DRM10.PNF 7/26/2005 12:17:36 PM 0 C:\WINDOWS\LastGood\INF\Iesetup.inf 7/26/2005 12:17:36 PM 0 C:\WINDOWS\LastGood\INF\Iesetup.PNF 7/13/2005 10:56:58 PM 0 C:\WINDOWS\LastGood\INF\MPCD10.inf 7/13/2005 10:56:58 PM 0 C:\WINDOWS\LastGood\INF\MPCD10.PNF 7/13/2005 10:55:54 PM 0 C:\WINDOWS\LastGood\INF\MPPRE10.inf 7/13/2005 10:55:54 PM 0 C:\WINDOWS\LastGood\INF\MPPRE10.PNF 7/13/2005 10:57:06 PM 0 C:\WINDOWS\LastGood\INF\MPSTUB10.inf 7/13/2005 10:57:06 PM 0 C:\WINDOWS\LastGood\INF\MPSTUB10.PNF 7/13/2005 10:56:28 PM 0 C:\WINDOWS\LastGood\INF\WMDM10.inf 7/13/2005 10:56:28 PM 0 C:\WINDOWS\LastGood\INF\WMDM10.PNF 7/13/2005 10:56:22 PM 0 C:\WINDOWS\LastGood\INF\WMFSDK10.inf 7/13/2005 10:56:22 PM 0 C:\WINDOWS\LastGood\INF\WMFSDK10.PNF 7/13/2005 10:56:50 PM 0 C:\WINDOWS\LastGood\INF\WMP10.inf 7/13/2005 10:56:50 PM 0 C:\WINDOWS\LastGood\INF\WMP10.PNF 7/13/2005 10:57:12 PM 0 C:\WINDOWS\LastGood\INF\WMSET10.inf 7/13/2005 10:57:12 PM 0 C:\WINDOWS\LastGood\INF\WMSET10.PNF 7/13/2005 10:56:34 PM 0 C:\WINDOWS\LastGood\INF\WPD10.inf 7/13/2005 10:56:34 PM 0 C:\WINDOWS\LastGood\INF\WPD10.PNF 7/26/2005 3:33:06 PM 8192 C:\WINDOWS\system32\config\default.LOG 7/26/2005 3:10:38 PM 1024 C:\WINDOWS\system32\config\SAM.LOG 7/26/2005 3:13:50 PM 1024 C:\WINDOWS\system32\config\SECURITY.LOG 7/26/2005 3:28:44 PM 1024 C:\WINDOWS\system32\config\software.LOG 7/26/2005 3:23:44 PM 1024 C:\WINDOWS\system32\config\system.LOG 7/25/2005 4:29:16 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1ELVE4BC\desktop.ini 7/25/2005 4:29:16 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1U7G9QF\desktop.ini 7/25/2005 4:29:16 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q35E7IBZ\desktop.ini 7/25/2005 4:29:16 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WVSJ2JIZ\desktop.ini 7/7/2005 2:32:16 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\045c6f61-701a-4bfa-8a05-e8050105a2a8 6/2/2005 12:20:54 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1974a97c-5fad-487f-98fa-c1f9f1485bd5 5/29/2005 2:14:24 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1a36f8ff-93e2-48d5-b0bc-2bfcaecaffaa 7/25/2005 5:29:40 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1bcbf949-0f30-491c-ab73-3acc892d082d 7/25/2005 7:03:48 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1e042648-c918-4b97-bfcb-028aba224d53 7/26/2005 11:49:32 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\22a7641f-d389-48dd-8908-d68852162539 7/11/2005 11:44:58 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\27eabdff-c62c-43ef-9b0f-ada4e95db6d7 7/1/2005 3:04:38 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\27f3577a-f79e-444f-bd93-bc1e4f4372b0 7/24/2005 11:29:32 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2ed4891d-5081-427c-8745-e607832ea1fd 7/18/2005 9:28:28 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3194f6cf-c280-4ac7-a80a-159b28e6fb9c 5/31/2005 12:03:30 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\326f056d-7d4f-43ad-8f53-5f9a523b3483 7/19/2005 4:19:18 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\35443cb4-59b0-4677-b63e-c323e5f02c18 6/20/2005 9:15:16 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3932dfef-729d-456d-a441-147f7b2dc668 6/29/2005 10:43:28 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3a1af973-6d72-4f40-8b43-de63f13740fb 6/9/2005 3:21:46 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\41d8432b-04e9-4016-9985-e5ef2e63fd2f 6/7/2005 6:54:32 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\43b0e12f-ac28-42eb-84ba-7e87d5d16a93 6/18/2005 7:30:08 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\45711cef-e90b-40b6-9cc0-aad54121b724 6/4/2005 12:08:50 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\45d3d8eb-cebd-433f-ad76-7259e084d9e6 6/21/2005 3:33:32 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\49a66804-244b-40e4-a43e-08a2912ab9b2 6/25/2005 12:18:44 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4d32e643-dd2e-4710-b300-0eb6af2fc0ff 7/25/2005 2:48:12 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4e7d18e2-99db-4d54-af90-fd2fca7a58af 7/2/2005 2:44:46 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\551ea6e3-0958-4a2f-8c69-5c556a106523 6/8/2005 3:22:22 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\571b54e9-1e18-4eda-84a2-aa8b0daf1b8b 6/11/2005 12:17:40 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5c7477f9-1813-4dd0-8bbb-a72c699ce56f 6/12/2005 1:15:46 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5d899909-ec2b-4c4e-b112-a80d2d2f0435 5/28/2005 12:37:30 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\603ce9ad-f9b9-4165-bbab-ec0dfb106e0e 6/16/2005 3:34:22 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\64193344-44f6-4981-b4a4-aed6880863f9 7/5/2005 11:30:14 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\686c852f-5636-4c39-96c9-b638f8885340 7/8/2005 8:59:42 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7be97d0d-a9b2-4dfb-879b-66fbe729b7d3 7/8/2005 8:54:24 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\878a6f71-71c3-4c8e-95fc-d1d24fd77661 6/5/2005 1:33:48 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\87d7669c-4670-4a29-b5b5-d43467fcbfa8 7/26/2005 10:02:50 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9193061b-57ee-461d-99e7-bdbb98f2f8e5 6/3/2005 8:10:40 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\938a55c7-03d8-49ee-99f0-dda7ee5f0198 6/14/2005 11:05:48 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9f2c71aa-2e3d-4f78-8db9-18b8e631639c 7/23/2005 12:30:10 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a28ffbf3-3577-4caa-ba21-4f20f5eccb1e 7/26/2005 3:09:02 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a41c722e-932a-43b1-9340-924c7971e275 7/26/2005 12:18:30 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\acf1c533-4d9b-41e3-a04c-1b86d1d4fb02 6/13/2005 4:06:36 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b09228b7-0dc4-47fa-9066-6a9fc6f5579a 6/12/2005 11:19:02 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b14eab4c-eb53-4062-913b-d7b8f7124382 7/25/2005 5:15:18 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b3cc3f06-e16b-4ee8-84c3-661006f4920d 7/26/2005 10:33:52 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b8e01ec3-306a-4160-b027-04df9f48f62f 5/29/2005 9:51:02 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\baa2efa7-4250-4e56-ad01-48b5ff70f73a 6/8/2005 3:35:06 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\bcf5e055-0d88-463a-931f-74db39677beb 6/21/2005 4:18:40 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c1069417-093e-4d28-befb-103843803d95 6/19/2005 4:01:28 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c3fb7b5e-fb2c-4460-b194-8f1bea46d324 6/10/2005 11:18:40 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c75fe916-f2b7-4cef-81bd-a99dfb8ea8d4 6/3/2005 1:49:20 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d8ec0dfd-ed7e-46ed-adfd-33a2f2f9b6db 7/12/2005 3:14:50 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e1f83d26-7a94-4d03-b82e-e67ff995f2bb 7/5/2005 7:12:16 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ec86a5fd-d755-4c57-8882-4224ad9ebf37 6/5/2005 9:57:22 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ee84d055-f454-4de6-90a3-23beeb7f9dbf 7/25/2005 10:40:02 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f2e0f95f-5702-46d6-ac5c-f2daf50b05c8 7/5/2005 2:22:18 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f361d987-ac75-45cc-94e2-0390056ece0c 6/5/2005 2:44:08 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f5475783-6e95-4c3d-9f43-fba80830a56d 6/17/2005 7:48:20 AM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f6eb366b-aa55-40fc-aab3-1151a115f61f 7/24/2005 10:42:58 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\fc3354b0-e76b-4480-9f1e-89b2b7760993 6/25/2005 10:16:36 PM 13698 C:\WINDOWS\system32\Restore\filelist.xml 7/26/2005 3:10:36 PM 6 C:\WINDOWS\Tasks\SA.DAT »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 4/25/2005 5:47:42 PM 1918 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk 1/6/2004 12:36:02 PM 761 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Find Fast.lnk 1/6/2004 12:35:56 PM 736 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Office Startup.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... Checking files in %USERPROFILE%\Startup folder... Checking files in %USERPROFILE%\Application Data folder... »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Zone Labs Client C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe vptray C:\PROGRA~1\SYMANT~1\VPTray.exe TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe QuickTime Task "C:\WINDOWS\System32\qttask.exe" -atboottime PopUp Buster+ C:\Program Files\PopUpBuster\popupbuster.exe PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName nwiz nwiz.exe /install NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup KernelFaultCheck %systemroot%\system32\dumprep 0 -k IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 IgfxTray C:\WINDOWS\System32\igfxtray.exe HotKeysCmds C:\WINDOWS\System32\hkcmd.exe eanth_critical_update_alert C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe C:\WINDOWS\System32\ctfmon.exe Yahoo! Pager C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet STYLEXP C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide FreeRAM XP "C:\Documents and Settings\Owner.DEBORAH-ZLB4L6K\Desktop\Programs\framxpro\FreeRAM XP Pro 1.40.exe" -win Desktop Architect "C:\Program Files\Desktop Architect\datray.exe" -S HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoViewContextMenu 0 NoActiveDesktopChanges 0 DisableLocalMachineRun 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 DisableLocalUserRun 0 NoActiveDesktopChanges 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableRegistryTools 0 DisableTaskMgr 0 NoDispAppearancePage 0 NoDispBackgroundPage 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon UserInit = C:\WINDOWS\System32\Userinit.exe Shell = Explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon = C:\WINDOWS\System32\NavLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.2.4 - Log file written to "WinPFind.Txt" in the WinPFind folder.