WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PECompact2 16/08/2005 07:28:52 15649617 G:\WINDOWS\LPT$VPN.785 qoologic 16/08/2005 07:28:52 15649617 G:\WINDOWS\LPT$VPN.785 SAHAgent 16/08/2005 07:28:52 15649617 G:\WINDOWS\LPT$VPN.785 UPX! 05/10/2005 18:57:44 38912 G:\WINDOWS\mtuninst.exe UPX! 03/05/2005 11:44:44 25157 G:\WINDOWS\RMAgentOutput.dll UPX! 28/02/2005 17:40:36 170053 G:\WINDOWS\tsc.exe PECompact2 16/08/2005 07:28:52 15649617 G:\WINDOWS\VPTNFILE.785 qoologic 16/08/2005 07:28:52 15649617 G:\WINDOWS\VPTNFILE.785 SAHAgent 16/08/2005 07:28:52 15649617 G:\WINDOWS\VPTNFILE.785 UPX! 18/02/2005 18:40:14 1044560 G:\WINDOWS\vsapi32.dll aspack 18/02/2005 18:40:14 1044560 G:\WINDOWS\vsapi32.dll Checking %System% folder... PEC2 23/08/2001 13:00:00 41397 G:\WINDOWS\SYSTEM32\dfrg.msc aspack 07/08/2003 15:01:52 126464 G:\WINDOWS\SYSTEM32\lame_enc.dll PTech 12/07/2005 18:04:22 520456 G:\WINDOWS\SYSTEM32\LegitCheckControl.dll PECompact2 09/09/2005 04:08:28 1997664 G:\WINDOWS\SYSTEM32\MRT.exe aspack 09/09/2005 04:08:28 1997664 G:\WINDOWS\SYSTEM32\MRT.exe aspack 05/01/2002 15:40:18 332288 G:\WINDOWS\SYSTEM32\msvcp70.dll aspack 02/06/2004 17:46:12 528896 G:\WINDOWS\SYSTEM32\NCTAudioCompress2.dll aspack 02/06/2004 17:51:08 622592 G:\WINDOWS\SYSTEM32\NCTAudioFile2.dll aspack 04/06/2004 14:41:02 150528 G:\WINDOWS\SYSTEM32\NCTAVIFile.dll aspack 12/05/2004 19:01:08 367616 G:\WINDOWS\SYSTEM32\NCTMPEGFile.dll aspack 04/06/2004 17:09:32 101376 G:\WINDOWS\SYSTEM32\NCTQuickTimeFile.dll aspack 04/06/2004 14:40:18 83968 G:\WINDOWS\SYSTEM32\NCTRMFile.dll aspack 08/06/2004 12:39:16 235520 G:\WINDOWS\SYSTEM32\NCTVideoCompress.dll aspack 08/06/2004 12:50:56 66560 G:\WINDOWS\SYSTEM32\NCTVideoFile.dll aspack 04/06/2004 17:08:20 90112 G:\WINDOWS\SYSTEM32\NCTWMVFile.dll aspack 04/08/2004 08:56:36 708096 G:\WINDOWS\SYSTEM32\ntdll.dll UPX! 05/10/2005 18:57:42 136704 G:\WINDOWS\SYSTEM32\oins.exe Umonitor 04/08/2004 08:56:44 657920 G:\WINDOWS\SYSTEM32\rasdlg.dll winsync 23/08/2001 13:00:00 1309184 G:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... PTech 04/08/2004 06:41:38 1309184 G:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in G:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 13/10/2005 16:12:40 S 2048 G:\WINDOWS\bootstat.dat 11/10/2005 23:01:04 H 54156 G:\WINDOWS\QTFont.qfn 08/09/2005 10:40:16 H 116 G:\WINDOWS\Wintpfg32.blx 13/10/2005 00:23:30 HS 11270 G:\WINDOWS\system32\KGyGaAvL.sys 13/10/2005 03:38:46 HS 3072 G:\WINDOWS\system32\Thumbs.db 05/10/2005 19:18:08 H 401408 G:\WINDOWS\system32\??ool32.exe 13/10/2005 16:13:06 H 1024 G:\WINDOWS\system32\config\default.LOG 13/10/2005 16:14:54 H 1024 G:\WINDOWS\system32\config\SAM.LOG 13/10/2005 16:13:06 H 1024 G:\WINDOWS\system32\config\SECURITY.LOG 13/10/2005 16:14:58 H 1024 G:\WINDOWS\system32\config\software.LOG 13/10/2005 16:13:54 H 1024 G:\WINDOWS\system32\config\system.LOG 14/09/2005 17:30:14 H 1024 G:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 30/08/2005 16:41:12 HS 388 G:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1b6867c0-f5d1-4aa6-b64d-e66c1ed9fb65 31/10/2005 17:20:56 HS 388 G:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1bafe4fc-ada2-4304-ac6c-21e6fb81ad4f 13/10/2005 03:38:46 HS 5120 G:\WINDOWS\system32\oobe\Thumbs.db 13/10/2005 16:12:42 H 6 G:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 04/08/2004 08:56:58 68608 G:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 18/05/2005 15:17:54 18726912 G:\WINDOWS\SYSTEM32\ALSNDMGR.CPL Microsoft Corporation 04/08/2004 08:56:58 549888 G:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 04/08/2004 08:56:58 110592 G:\WINDOWS\SYSTEM32\bthprops.cpl Logitech Inc. 08/10/2004 13:23:58 282624 G:\WINDOWS\SYSTEM32\camcpl.cpl Microsoft Corporation 04/08/2004 08:56:58 135168 G:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04/08/2004 08:56:58 80384 G:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04/08/2004 08:56:58 155136 G:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 04/08/2004 08:56:58 358400 G:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04/08/2004 08:56:58 129536 G:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04/08/2004 08:56:58 380416 G:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04/08/2004 08:56:58 68608 G:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 03/06/2005 03:52:54 49265 G:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 23/08/2001 13:00:00 187904 G:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04/08/2004 08:56:58 618496 G:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 23/08/2001 13:00:00 35840 G:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04/08/2004 08:56:58 25600 G:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04/08/2004 08:56:58 257024 G:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 23/08/2001 13:00:00 36864 G:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 04/08/2004 08:56:58 32768 G:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 04/08/2004 08:56:58 114688 G:\WINDOWS\SYSTEM32\powercfg.cpl Apple Computer, Inc. 08/04/2004 14:12:42 323072 G:\WINDOWS\SYSTEM32\QuickTime.cpl Microsoft Corporation 04/08/2004 08:56:58 298496 G:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 23/08/2001 13:00:00 28160 G:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04/08/2004 08:56:58 94208 G:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 04/08/2004 08:56:58 148480 G:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 G:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 04/08/2004 08:56:58 68608 G:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 04/08/2004 08:56:58 549888 G:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 04/08/2004 08:56:58 110592 G:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl Microsoft Corporation 23/08/2001 13:00:00 187904 G:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 23/08/2001 13:00:00 35840 G:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 23/08/2001 13:00:00 36864 G:\WINDOWS\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation 04/08/2004 08:56:58 32768 G:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 23/08/2001 13:00:00 28160 G:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 G:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl Realtek Semiconductor Corp. 08/10/2003 09:05:36 R 13426176 G:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\ALSNDMGR.CPL Realtek Semiconductor Corp. 08/10/2003 09:05:36 R 13426176 G:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\ALSNDMGR.CPL Realtek Semiconductor Corp. 18/05/2005 15:17:54 18726912 G:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\ALSNDMGR.CPL »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 06/07/2004 12:07:52 HS 84 G:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 06/07/2004 12:42:18 HS 62 G:\Documents and Settings\All Users\Application Data\desktop.ini Checking files in %USERPROFILE%\Startup folder... 06/07/2004 12:07:52 HS 84 G:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 25/06/2005 23:50:22 1406 G:\Documents and Settings\Administrator\Application Data\AdobeDLM.log 06/07/2004 12:42:18 HS 62 G:\Documents and Settings\Administrator\Application Data\desktop.ini 25/06/2005 23:50:22 0 G:\Documents and Settings\Administrator\Application Data\dm.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = Maxthon = IEAK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu = HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = G:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = G:\PROGRA~1\Yahoo!\Common\ymmapi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = G:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = G:\Program Files\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = G:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = G:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = G:\PROGRA~1\SPYBOT~1\SDHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} UberButton Class = G:\Program Files\Yahoo!\Common\yiesrvc.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} PCTools Site Guard = G:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A} YahooTaggedBM Class = G:\Program Files\Yahoo!\Common\YIeTagBm.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC} PCTools Browser Monitor = G:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} &Yahoo! Messenger = G:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : G:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : G:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} ButtonText = Spyware Doctor : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46} ButtonText = Fill Forms : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49} ButtonText = Save : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} ButtonText = Yahoo! Services : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a} ButtonText = RoboForm : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : G:\Program Files\AIM\aim.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} ButtonText = Share in Hello : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : G:\Program Files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} &Yahoo! Messenger = G:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] SunJavaUpdateSched G:\Program Files\Java\jre1.5.0_04\bin\jusched.exe QuickTime Task "G:\Program Files\QuickTime\qttask.exe" -atboottime SoundMan SOUNDMAN.EXE MSConfig C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] MsnMsgr "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background MSMSGS "G:\Program Files\Messenger\msmsgs.exe" /background Yahoo! Pager "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet googletalk "G:\Program Files\Google\Google Talk\googletalk.exe" /autostart [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 2 services 0 startup 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = G:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = G:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = G:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 13/10/2005 16:19:22