Ok. I did so, and it took about an hour to run... Thanks Metallica....
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 4/14/2003 12:02:08 PM 55808 C:\WINDOWS\unSpySweeper.exe
PECompact2 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\VPTNFILE.849
qoologic 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\VPTNFILE.849
SAHAgent 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\VPTNFILE.849
PECompact2 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\LPT$VPN.849
qoologic 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\LPT$VPN.849
SAHAgent 9/21/2005 6:38:56 PM 15851025 C:\WINDOWS\LPT$VPN.849
aspack 8/4/2004 10:41:28 AM 545280 C:\WINDOWS\flashax.exe
UPX! 8/31/2005 2:06:08 AM 83968 C:\WINDOWS\io2uns.exe
UPX! 4/9/2005 3:11:30 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 9/21/2005 6:39:08 PM 170053 C:\WINDOWS\tsc.exe
UPX! 9/21/2005 6:39:02 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/21/2005 6:39:02 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
aspack 3/19/2002 7:18:54 AM 120832 C:\WINDOWS\SYSTEM32\lame_enc.dll
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 9/21/2005 4:37:32 PM 59 C:\WINDOWS\SYSTEM32\v7aus4mf.ini
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PECompact2 9/8/2005 10:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 10:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 10/15/2003 12:43:08 PM 2855228 C:\WINDOWS\SYSTEM32\FinalFantasyXI.scr
aspack 12/3/2002 3:02:58 AM 491520 C:\WINDOWS\SYSTEM32\NCTAudioFile.dll
aspack 12/3/2002 3:11:10 AM 143872 C:\WINDOWS\SYSTEM32\NCTWMAFile.dll
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/22/2005 9:04:22 PM S 2048 C:\WINDOWS\bootstat.dat
9/23/2005 11:07:20 AM H 54156 C:\WINDOWS\QTFont.qfn
9/22/2005 8:58:14 PM H 24 C:\WINDOWS\poa2M
9/20/2005 2:54:54 PM HS 10646 C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
9/22/2005 8:58:54 PM H 1024 C:\WINDOWS\SYSTEM32\config\system.LOG
9/22/2005 8:58:54 PM H 69632 C:\WINDOWS\SYSTEM32\config\software.LOG
9/22/2005 8:58:54 PM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
9/22/2005 9:04:38 PM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
9/22/2005 9:04:26 PM H 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
8/28/2005 9:38:30 PM H 0 C:\WINDOWS\SYSTEM32\config\SECURITY_TU_11728.LOG
8/28/2005 9:38:32 PM H 0 C:\WINDOWS\SYSTEM32\config\SOFTWARE_TU_98314.LOG
8/28/2005 9:38:32 PM H 0 C:\WINDOWS\SYSTEM32\config\SYSTEM_TU_49604.LOG
8/28/2005 9:38:32 PM H 0 C:\WINDOWS\SYSTEM32\config\DEFAULT_TU_59101.LOG
8/28/2005 9:38:32 PM H 0 C:\WINDOWS\SYSTEM32\config\SAM_TU_30618.LOG
9/14/2005 7:16:20 PM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
7/31/2005 9:14:52 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
7/31/2005 9:14:52 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\ec15722d-06a1-41e2-b9fc-0e5020334e4c
9/22/2005 8:58:48 PM H 6 C:\WINDOWS\TASKS\SA.DAT
9/22/2005 9:00:02 AM H 398 C:\WINDOWS\TASKS\{EC5B1555-628A-4F4A-A459-4FACFD7A472D}_COMPUTER_Default.job
9/22/2005 4:00:02 PM H 398 C:\WINDOWS\TASKS\{5C103221-7A90-401E-99FE-E5C0B5B858B8}_COMPUTER_Default.job
9/9/2005 4:00:02 PM H 398 C:\WINDOWS\TASKS\{FA464308-147D-4A38-9F3F-1686256355F2}_COMPUTER_Default.job
9/5/2005 1:14:26 PM HS 135168 C:\WINDOWS\All Users\DRM\drmstore.hds
8/31/2005 9:16:08 PM H 0 C:\WINDOWS\inf\oem45.inf
Checking for CPL files...
Compaq Computer Corporation 10/25/1999 7:27:44 PM 110592 C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Compaq Computer Corporation 8/23/1999 9:45:08 AM R 159744 C:\WINDOWS\SYSTEM32\OSDCPL.cpl
10/14/1999 5:27:06 PM 110592 C:\WINDOWS\SYSTEM32\cch.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
8/2/2005 4:35:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
AvantGo, Inc. 1/30/2004 5:15:12 PM 69632 C:\WINDOWS\SYSTEM32\mbllnk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Creative Technology Ltd. 5/28/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
5/25/2004 11:06:58 AM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Liquid Audio, Inc. 1/8/2003 11:48:16 AM 417792 C:\WINDOWS\SYSTEM32\LiquidControlPanel.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
2/6/2002 3:32:48 AM R 102400 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl
2/6/2002 3:32:48 AM R 102400 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvtuicpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
3/5/2003 1:23:52 PM 673 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3Deep.lnk
12/31/2002 1:10:44 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/5/2003 1:24:04 PM 1654 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\E-Color Indicator.lnk
3/5/2003 1:23:52 PM 1595 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\E-Color.lnk
5/15/2005 3:02:10 PM 1712 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/31/2002 1:01:24 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
6/30/2005 10:07:08 PM 4357 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
9/17/2005 6:03:10 PM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
12/31/2002 1:10:44 PM HS 84 C:\Documents and Settings\Default\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
12/31/2002 1:01:24 PM HS 62 C:\Documents and Settings\Default\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
DigExt =
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ktggnffx
{1c3880f0-ea1f-4aa7-9508-a4d1118c0a25} = C:\WINDOWS\system32\krgge.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2004\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2004\sdshelex.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} = &ESPN : C:\Program Files\ESPN\Toolbar\DIGToolBar2.dll
= :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INetRepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = @C:\Program Files\Messenger\Msgslang.dll,-61144 : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} = &ESPN : C:\Program Files\ESPN\Toolbar\DIGToolBar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
DVDTray "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
DVDBitSet "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
DIGStream C:\Program Files\DIGStream\digstream.exe
DIGServices C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
CPQEASYACC C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
AudioHQU C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
2wSysTray C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
SystemTray SysTray.Exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
vptray C:\Program Files\NavNT\vptray.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
ykpatcgvl 2
Bonjour Service 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cpdd.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cpdd.exe
backup C:\WINDOWS\pss\cpdd.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cpdd.exe
item cpdd
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cpdd.exe
backup C:\WINDOWS\pss\cpdd.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cpdd.exe
item cpdd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h
item Kodak EasyShare software
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE
item KODAK Software Updater
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE
item KODAK Software Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\QUICKENW\QWDLLS.EXE
item Quicken Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Default^Start Menu^Programs^Startup^AbsoluteShield Internet Eraser.lnk
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\AbsoluteShield Internet Eraser.lnk
backup C:\WINDOWS\pss\AbsoluteShield Internet Eraser.lnkStartup
location Startup
command C:\PROGRA~1\SYSSHI~1\INTERN~1\cseraser.exe /autorun
item AbsoluteShield Internet Eraser
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\AbsoluteShield Internet Eraser.lnk
backup C:\WINDOWS\pss\AbsoluteShield Internet Eraser.lnkStartup
location Startup
command C:\PROGRA~1\SYSSHI~1\INTERN~1\cseraser.exe /autorun
item AbsoluteShield Internet Eraser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Default^Start Menu^Programs^Startup^Connection Manager.lnk
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\Connection Manager.lnk
backup C:\WINDOWS\pss\Connection Manager.lnkStartup
location Startup
command C:\PROGRA~1\BELLSO~1\CONNEC~1\CManager.exe
item Connection Manager
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\Connection Manager.lnk
backup C:\WINDOWS\pss\Connection Manager.lnkStartup
location Startup
command C:\PROGRA~1\BELLSO~1\CONNEC~1\CManager.exe
item Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Default^Start Menu^Programs^Startup^PowerReg Scheduler.exe
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location Startup
command C:\Documents and Settings\Default\Start Menu\Programs\Startup\PowerReg Scheduler.exe
item PowerReg Scheduler
path C:\Documents and Settings\Default\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location Startup
command C:\Documents and Settings\Default\Start Menu\Programs\Startup\PowerReg Scheduler.exe
item PowerReg Scheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\180sa
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 180sa
hkey HKLM
command c:\program files\180search assistant\180sa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 180sa
hkey HKLM
command c:\program files\180search assistant\180sa.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAS Client
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cashplusmedia.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cashplusmedia
hkey HKLM
command C:\WINDOWS\system32\cashplusmedia.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cashplusmedia
hkey HKLM
command C:\WINDOWS\system32\cashplusmedia.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cpzmksq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xwmpgnv
hkey HKLM
command C:\WINDOWS\system32\xwmpgnv.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xwmpgnv
hkey HKLM
command C:\WINDOWS\system32\xwmpgnv.exe r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dla
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Evidence Eliminator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ee
hkey HKCU
command C:\Program Files\Evidence Eliminator\ee.exe /m
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ee
hkey HKCU
command C:\Program Files\Evidence Eliminator\ee.exe /m
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\system32\exp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\system32\exp.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FCEngine
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FCEngine
hkey HKCU
command "C:\Program Files\FCEngine\FCEngine.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FCEngine
hkey HKCU
command "C:\Program Files\FCEngine\FCEngine.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GsAds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gms2
hkey HKLM
command C:\WINDOWS\system32\gms2.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gms2
hkey HKLM
command C:\WINDOWS\system32\gms2.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\H/PC Connection Agent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WCESCOMM
hkey HKCU
command "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WCESCOMM
hkey HKCU
command "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ichckupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ichckupd
hkey HKCU
command C:\WINDOWS\system32\ichckupd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ichckupd
hkey HKCU
command C:\WINDOWS\system32\ichckupd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iexplore.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexplore
hkey HKLM
command C:\Program Files\Internet Explorer\iexplore.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexplore
hkey HKLM
command C:\Program Files\Internet Explorer\iexplore.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ieza.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ieza
hkey HKLM
command C:\WINDOWS\ieza.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ieza
hkey HKLM
command C:\WINDOWS\ieza.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intel system tool
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hookdump
hkey HKCU
command C:\WINDOWS\system32\hookdump.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hookdump
hkey HKCU
command C:\WINDOWS\system32\hookdump.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iobs
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iobs
hkey HKLM
command C:\WINDOWS\system32\tlkvld\iobs.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iobs
hkey HKLM
command C:\WINDOWS\system32\tlkvld\iobs.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jet Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\jqjhqq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jqjhqq
hkey HKLM
command C:\WINDOWS\system32\nwpc\jqjhqq.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jqjhqq
hkey HKLM
command C:\WINDOWS\system32\nwpc\jqjhqq.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KidzMouse
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KidzSetup
hkey HKLM
command C:\PROGRA~1\KIDZMO~1\KidzSetup.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KidzSetup
hkey HKLM
command C:\PROGRA~1\KIDZMO~1\KidzSetup.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lozmvkv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lozmvkv
hkey HKLM
command C:\WINDOWS\lozmvkv.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lozmvkv
hkey HKLM
command C:\WINDOWS\lozmvkv.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MedGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item medgs1
hkey HKLM
command C:\WINDOWS\system32\medgs1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item medgs1
hkey HKLM
command C:\WINDOWS\system32\medgs1.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Gateway
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nokia Connection Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NclConf
hkey HKLM
command "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NclConf
hkey HKLM
command "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\opr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item opr
hkey HKLM
command C:\WINDOWS\system32\opr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item opr
hkey HKLM
command C:\WINDOWS\system32\opr.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\paqb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paqb
hkey HKLM
command C:\WINDOWS\system32\nhhpg\paqb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paqb
hkey HKLM
command C:\WINDOWS\system32\nhhpg\paqb.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PhotoShow Deluxe Media Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mssysmgr
hkey HKCU
command C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mssysmgr
hkey HKCU
command C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ProSiteFinder
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ProSiteFinder
hkey HKLM
command "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ProSiteFinder
hkey HKLM
command "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSof1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\system32\PSof1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\system32\PSof1.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKCU
command C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKCU
command C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfSideKick 3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\testit.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item testit
hkey HKLM
command C:\WINDOWS\system32\testit.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item testit
hkey HKLM
command C:\WINDOWS\system32\testit.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tgcmd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tgcmd
hkey HKLM
command "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tgcmd
hkey HKLM
command "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TransTask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item transtask
hkey HKCU
command "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item transtask
hkey HKCU
command "C:\Program Files\Tweak-XP Pro 3\transtask.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vitcjfo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item txylcxp
hkey HKLM
command C:\WINDOWS\system32\txylcxp.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item txylcxp
hkey HKLM
command C:\WINDOWS\system32\txylcxp.exe r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vjqldgko
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vjqldgko
hkey HKLM
command C:\WINDOWS\system32\oqxnxwxr\vjqldgko.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vjqldgko
hkey HKLM
command C:\WINDOWS\system32\oqxnxwxr\vjqldgko.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vptray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vptray
hkey HKLM
command C:\Program Files\NavNT\vptray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vptray
hkey HKLM
command C:\Program Files\NavNT\vptray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vtjtshy
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item njfosx
hkey HKLM
command C:\WINDOWS\system32\njfosx.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item njfosx
hkey HKLM
command C:\WINDOWS\system32\njfosx.exe r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WINDVDPatch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zrnnpa
hkey HKLM
command C:\WINDOWS\system32\zrnnpa.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zrnnpa
hkey HKLM
command C:\WINDOWS\system32\zrnnpa.exe reg_run
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTask driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\system32\wintask.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\system32\wintask.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xv_crtl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item v_ctrl
hkey HKLM
command C:\Program Files\3dhq Tools\v_ctrl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item v_ctrl
hkey HKLM
command C:\Program Files\3dhq Tools\v_ctrl.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ykpa
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ykpa
hkey HKLM
command C:\WINDOWS\system32\tcgvl\ykpa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ykpa
hkey HKLM
command C:\WINDOWS\system32\tcgvl\ykpa.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 2
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key 9h[nâ€1v’¤0Jq?
Hint Mom knows it...
FileName0 C:\WINDOWS\System32\RSACi.rat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\
http://www.rsac.org/ratingsv01.html
l 2
n 2
s 2
v 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoStartBanner
NoLowDiskSpaceChecks 1
NoDrives
NoViewOnDrive 0
NoSharedDocuments
NoLogoff 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Windows Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %S