WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 Checking Selected Standard Folders Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PEC2 2/27/2003 2:53:18 AM 340480 C:\WINDOWS\DOTEST.EXE PECompact2 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\lpt$vpn.801 qoologic 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\lpt$vpn.801 SAHAgent 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\lpt$vpn.801 PEC2 5/19/2001 5:08:44 PM 6656 C:\WINDOWS\pcboot.exe PEC2 3/15/2003 10:46:14 PM 168448 C:\WINDOWS\realtime.exe UPX! 5/3/2005 10:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll UPX! 1/10/2005 3:17:24 PM 170053 C:\WINDOWS\tsc.exe UPX! 7/17/2002 4:07:04 AM 43008 C:\WINDOWS\unwash.exe PECompact2 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\VPTNFILE.801 qoologic 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\VPTNFILE.801 SAHAgent 8/24/2005 10:58:16 PM 15673233 C:\WINDOWS\VPTNFILE.801 UPX! 2/18/2005 5:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll aspack 2/18/2005 5:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll UPX! 1/27/2006 11:27:08 AM 14336 C:\WINDOWS\vvdxtj.exe Checking %System% folder... UPX! 1/26/2004 7:26:26 PM 288768 C:\WINDOWS\SYSTEM32\c58bKs.dll UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll PEC2 7/21/2001 1:15:34 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 12/7/2005 9:05:52 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 12/7/2005 9:05:52 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll PEC2 2/14/1997 10:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb UPX! 
10/19/2004 7:15:22 PM 188928 C:\WINDOWS\SYSTEM32\in10tvmk37s.dll UPX! 3/26/2004 5:19:36 PM 5120 C:\WINDOWS\SYSTEM32\in9bdlE.dlltmp PTech 1/29/2004 8:50:06 PM H 1879808 C:\WINDOWS\SYSTEM32\kyf.dat PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com UPX! 9/30/2003 11:35:48 AM 36864 C:\WINDOWS\SYSTEM32\MPCDec.ax UPX! 10/31/2001 11:14:40 AM 30720 C:\WINDOWS\SYSTEM32\mplaa6.dll UPX! 10/31/2001 11:14:40 AM 30208 C:\WINDOWS\SYSTEM32\mplam6.dll UPX! 10/31/2001 11:14:40 AM 29184 C:\WINDOWS\SYSTEM32\mplapx.dll UPX! 10/31/2001 11:14:40 AM 30720 C:\WINDOWS\SYSTEM32\mplaw7.dll UPX! 10/31/2001 11:14:40 AM 215040 C:\WINDOWS\SYSTEM32\mplva6.dll UPX! 10/31/2001 11:14:40 AM 203264 C:\WINDOWS\SYSTEM32\mplvm6.dll UPX! 10/31/2001 11:14:40 AM 245760 C:\WINDOWS\SYSTEM32\mplvpx.dll UPX! 10/31/2001 11:14:40 AM 211456 C:\WINDOWS\SYSTEM32\mplvw7.dll PECompact2 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe aspack 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe PEC2 10/1/2003 5:08:28 AM 278016 C:\WINDOWS\SYSTEM32\NPSCAN.DLL aspack 8/3/2004 11:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll UPX! 5/23/2003 2:08:52 AM 20992 C:\WINDOWS\SYSTEM32\ogg.dll PTech 2/16/2005 1:00:02 AM 1867060 C:\WINDOWS\SYSTEM32\Onshiau.xml UPX! 1/11/2005 5:43:14 PM 26989 C:\WINDOWS\SYSTEM32\OSSMTP.DLL Umonitor 8/3/2004 11:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe UPX! 10/21/2004 2:38:20 PM 77824 C:\WINDOWS\SYSTEM32\thinInstGUPM44.dll aspack 10/21/2004 2:38:20 PM 77824 C:\WINDOWS\SYSTEM32\thinInstGUPM44.dll UPX! 5/23/2003 2:08:52 AM 107008 C:\WINDOWS\SYSTEM32\vorbis.dll winsync 7/21/2001 1:23:44 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... 
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 3/1/2006 5:31:48 PM S 2048 C:\WINDOWS\bootstat.dat 2/28/2006 6:40:06 PM H 54156 C:\WINDOWS\QTFont.qfn 1/3/2006 1:17:06 PM S 8792 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911564.cat 1/13/2006 12:34:32 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat 1/3/2006 9:39:38 PM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat 1/2/2006 3:09:36 PM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat 1/13/2006 11:28:32 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat 3/1/2006 5:31:32 PM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG 2/24/2006 6:25:38 PM H 0 C:\WINDOWS\SYSTEM32\config\default_TU_45458.LOG 3/1/2006 5:32:14 PM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG 2/24/2006 6:25:38 PM H 0 C:\WINDOWS\SYSTEM32\config\SAM_TU_21843.LOG 3/1/2006 5:31:52 PM H 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG 2/24/2006 6:25:30 PM H 0 C:\WINDOWS\SYSTEM32\config\SECURITY_TU_59673.LOG 3/1/2006 5:33:02 PM H 73728 C:\WINDOWS\SYSTEM32\config\software.LOG 2/24/2006 6:25:36 PM H 0 C:\WINDOWS\SYSTEM32\config\software_TU_93467.LOG 3/1/2006 5:32:20 PM H 1122304 C:\WINDOWS\SYSTEM32\config\system.LOG 2/24/2006 6:25:38 PM H 0 C:\WINDOWS\SYSTEM32\config\system_TU_68915.LOG 2/26/2006 2:59:02 PM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\NTUSER.DAT.LOG 2/9/2006 12:42:20 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\69b306fa-f5dd-4336-a041-5ff70dec7935 2/9/2006 12:42:20 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred 2/25/2006 3:13:36 PM H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... 
8/19/2003 9:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Cirrus Logic, Inc. 11/7/2001 11:09:44 AM 614912 C:\WINDOWS\SYSTEM32\cwaprops.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Intel Corporation 8/8/2001 12:00:08 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems 2/20/2003 3:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 12/10/2005 3:06:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Sun Microsystems 2/7/2002 12:35:28 PM 45151 C:\WINDOWS\SYSTEM32\plugincpl140.cpl Sun Microsystems 4/30/2002 6:02:12 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl Sun Microsystems 11/1/2002 8:15:54 PM 45175 C:\WINDOWS\SYSTEM32\plugincpl140_03.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft 3/3/1999 
12:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft 
Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 8/17/2001 9:37:02 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl Checking Selected Startup Folders Checking files in %ALLUSERSPROFILE%\Startup folder... 2/4/2002 8:34:52 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 2/4/2002 12:24:42 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 8/23/2004 12:14:20 PM 8 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt 4/8/2005 3:15:06 PM H 63 C:\Documents and Settings\All Users\Application Data\Ts_infos.ini Checking files in %USERPROFILE%\Startup folder... 9/17/2001 6:22:52 PM 36864 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe 2/4/2002 8:34:52 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 2/4/2002 12:24:42 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini Checking Selected Registry Keys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] YPC 3.0.1 = Yahoo! 
Parental Controls ESB{6D265C7C-D2C3-415C-9225-2B07AEDC07F2} = SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win {a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Program Files\AVPersonal\AVShlExt.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! 
Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win {a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Program Files\AVPersonal\AVShlExt.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} Google Toolbar Helper = c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! 
Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\Program Files\AIM\aim.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background ctfmon.exe C:\WINDOWS\system32\ctfmon.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services SCardDrv 3 SBService 2 navapsvc 2 ccPwdSvc 3 Macromedia Licensing Service 3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup location Common Startup command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE item Adobe Reader Speed Launch path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup location Common Startup command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE item Adobe Reader Speed Launch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk backup C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup location Common Startup command C:\PROGRA~1\APC\APCPOW~1\Display.exe item APC UPS Status path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk backup C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup location Common Startup command C:\PROGRA~1\APC\APCPOW~1\Display.exe item APC UPS Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk backup C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup location Common Startup command C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV03.EXE item EPSON Status Monitor 3 Environment Check path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk backup C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup location Common Startup command C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV03.EXE item EPSON Status Monitor 3 Environment Check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup location Common Startup command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start item Logitech Desktop Messenger path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup location Common Startup command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start item Logitech Desktop Messenger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l item Microsoft Office path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup 
C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l item Microsoft Office HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk backup C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup location Common Startup command C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE item Microtek Scanner Finder path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk backup C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup location Common Startup command C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE item Microtek Scanner Finder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup location Common Startup command C:\PROGRA~1\Quicken\bagent.exe item Quicken Scheduled Updates path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup location Common Startup command C:\PROGRA~1\Quicken\bagent.exe item Quicken Scheduled Updates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Baldev^Start Menu^Programs^Startup^MPXPTray.lnk path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\MPXPTray.lnk backup C:\WINDOWS\pss\MPXPTray.lnkStartup location Startup command C:\PROGRA~1\WINDOW~3\WINDOW~2\POWERT~1\mpxptray.exe /Startup item MPXPTray path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\MPXPTray.lnk backup 
C:\WINDOWS\pss\MPXPTray.lnkStartup location Startup command C:\PROGRA~1\WINDOW~3\WINDOW~2\POWERT~1\mpxptray.exe /Startup item MPXPTray HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Baldev^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk backup C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup location Startup command C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE item OpenOffice.org 2.0 path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk backup C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup location Startup command C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE item OpenOffice.org 2.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Baldev^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe backup C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup location Startup command C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe item PowerReg SchedulerV2 path C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe backup C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup location Startup command C:\Documents and Settings\Baldev\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe item PowerReg SchedulerV2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item PATCH hkey HKLM command C:\WINDOWS\VOLUME\PATCH.EXE inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00saskda key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item newadmin hkey HKLM command "C:\Program Files\Security Administrator\newadmin.exe" saskda inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item newadmin hkey HKLM command 
"C:\Program Files\Security Administrator\newadmin.exe" saskda inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\0p9xkCQmN key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item xehvhg hkey HKLM command C:\WINDOWS\xehvhg.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item xehvhg hkey HKLM command C:\WINDOWS\xehvhg.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\0d+],o8gAYC: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\0d+],o8gAYC:\Program Files HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2wSysTray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 2portalmon hkey HKLM command C:\Program Files\2Wire\Gateway\2portalmon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 2portalmon hkey HKLM command C:\Program Files\2Wire\Gateway\2portalmon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\