Here is the WinPFind text: (are cryptnet.dll, and crypt32.dll supposed to be there? They sound scary...)
and don't beat yourself up. The WinPFind log only has like 800 lines of text, or something
Carrie
Thanks!
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
aspack 3/8/2004 6:25:28 PM 180736 C:\WINDOWS\01April04.scr
aspack 3/1/2005 1:40:38 PM 180736 C:\WINDOWS\01April05.scr
aspack 6/22/2004 3:12:32 PM 180736 C:\WINDOWS\01August04.scr
aspack 6/22/2005 2:12:52 PM 180736 C:\WINDOWS\01August05.scr
aspack 11/2/2003 2:55:06 PM 180736 C:\WINDOWS\01December03.scr
aspack 10/12/2004 4:17:20 AM 180736 C:\WINDOWS\01December04.scr
aspack 10/7/2005 1:13:10 PM 187392 C:\WINDOWS\01December05.scr
aspack 6/26/2002 9:44:14 AM 180736 C:\WINDOWS\01February04.scr
aspack 1/6/2005 2:07:54 PM 180736 C:\WINDOWS\01February05.scr
aspack 12/2/2003 2:46:06 PM 180736 C:\WINDOWS\01January04.scr
aspack 11/19/2004 11:27:10 AM 180736 C:\WINDOWS\01January05.scr
aspack 6/10/2005 8:56:58 PM 180736 C:\WINDOWS\01July05.scr
aspack 4/29/2004 1:10:02 PM 180736 C:\WINDOWS\01June04.scr
aspack 4/27/2005 3:28:08 PM 180736 C:\WINDOWS\01June05.scr
aspack 1/29/2004 3:28:32 PM 180736 C:\WINDOWS\01March04.scr
aspack 1/21/2005 1:27:08 PM 180736 C:\WINDOWS\01March05.scr
aspack 4/13/2004 4:13:54 PM 180736 C:\WINDOWS\01May04.scr
aspack 3/21/2005 1:55:48 PM 180736 C:\WINDOWS\01May05.scr
aspack 10/1/2003 2:19:22 PM 180736 C:\WINDOWS\01November03.scr
aspack 11/21/2005 12:18:38 AM 180736 C:\WINDOWS\01November04.scr
aspack 9/10/2003 6:36:46 PM 180736 C:\WINDOWS\01October03.exe.scr
aspack 9/15/2004 11:35:26 AM 180736 C:\WINDOWS\01October04.scr
aspack 7/26/2004 11:37:50 AM 180736 C:\WINDOWS\01September04.scr
aspack 3/8/2004 6:25:58 PM 180736 C:\WINDOWS\02April04.scr
aspack 3/1/2005 1:41:16 PM 180736 C:\WINDOWS\02April05.scr
aspack 7/20/2004 1:24:48 AM 180736 C:\WINDOWS\02August04.scr
aspack 6/22/2005 2:15:00 PM 180736 C:\WINDOWS\02August05.scr
aspack 11/2/2003 2:56:22 PM 180736 C:\WINDOWS\02December03.scr
aspack 10/12/2004 4:17:50 AM 180736 C:\WINDOWS\02December04.scr
aspack 10/7/2005 12:46:28 PM 187392 C:\WINDOWS\02December05.scr
aspack 1/4/2004 8:46:14 PM 180736 C:\WINDOWS\02February04.scr
aspack 1/6/2005 2:08:44 PM 180736 C:\WINDOWS\02February05.scr
aspack 12/2/2003 2:37:58 PM 180736 C:\WINDOWS\02January04.scr
aspack 11/22/2004 2:42:06 PM 180736 C:\WINDOWS\02January05.scr
aspack 6/10/2005 8:56:22 PM 180736 C:\WINDOWS\02July05.scr
aspack 4/29/2004 1:13:08 PM 180736 C:\WINDOWS\02June04.scr
aspack 4/27/2005 3:28:46 PM 180736 C:\WINDOWS\02June05.scr
aspack 1/29/2004 3:28:58 PM 180736 C:\WINDOWS\02March04.scr
aspack 1/21/2005 1:27:42 PM 180736 C:\WINDOWS\02March05.scr
aspack 4/2/2004 11:13:20 AM 180736 C:\WINDOWS\02May04.scr
aspack 3/21/2005 1:56:26 PM 180736 C:\WINDOWS\02May05.scr
aspack 10/1/2003 2:20:06 PM 180736 C:\WINDOWS\02November03.scr
aspack 9/29/2004 12:16:34 PM 180736 C:\WINDOWS\02November04.scr
aspack 9/10/2003 6:37:10 PM 180736 C:\WINDOWS\02October03.exe.scr
aspack 8/10/2004 2:13:42 PM 180736 C:\WINDOWS\02October04.scr
aspack 7/26/2004 11:40:22 AM 180736 C:\WINDOWS\02September04.scr
aspack 3/8/2004 6:26:28 PM 180736 C:\WINDOWS\03April04.scr
aspack 3/1/2005 1:41:40 PM 180736 C:\WINDOWS\03April05.scr
aspack 6/22/2004 3:14:16 PM 180736 C:\WINDOWS\03August04.scr
aspack 6/22/2005 2:14:20 PM 180736 C:\WINDOWS\03August05.scr
aspack 11/2/2003 2:57:00 PM 180736 C:\WINDOWS\03December03.scr
aspack 10/12/2004 4:18:28 AM 180736 C:\WINDOWS\03December04.scr
aspack 10/7/2005 1:06:32 PM 187392 C:\WINDOWS\03December05.scr
aspack 6/26/2002 9:44:14 AM 180736 C:\WINDOWS\03February04.scr
aspack 1/6/2005 2:09:24 PM 180736 C:\WINDOWS\03February05.scr
aspack 12/2/2003 2:38:50 PM 180736 C:\WINDOWS\03January04.scr
aspack 11/19/2004 11:28:10 AM 180736 C:\WINDOWS\03January05.scr
aspack 6/10/2005 8:55:36 PM 180736 C:\WINDOWS\03July05.scr
aspack 4/29/2004 1:13:32 PM 180736 C:\WINDOWS\03June04.scr
aspack 5/2/2005 11:39:24 AM 180736 C:\WINDOWS\03June05.scr
aspack 1/29/2004 3:33:26 PM 180736 C:\WINDOWS\03March04.scr
aspack 1/21/2005 1:28:12 PM 180736 C:\WINDOWS\03March05.scr
aspack 4/2/2004 11:13:44 AM 180736 C:\WINDOWS\03May04.scr
aspack 3/21/2005 2:06:04 PM 180736 C:\WINDOWS\03May05.scr
aspack 10/1/2003 2:20:32 PM 180736 C:\WINDOWS\03November03.scr
aspack 9/29/2004 12:17:14 PM 180736 C:\WINDOWS\03November04.scr
aspack 9/10/2003 6:37:46 PM 180736 C:\WINDOWS\03October03.exe.scr
aspack 8/10/2004 2:14:14 PM 180736 C:\WINDOWS\03October04.scr
aspack 7/26/2004 11:40:54 AM 180736 C:\WINDOWS\03September04.scr
aspack 11/19/2005 10:32:04 AM 311824 C:\WINDOWS\eFaxView.exe
Checking %System% folder...
UPX! 12/20/2005 4:21:38 AM 481280 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 8/29/2002 2:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 12/8/2005 4:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 4:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/3/2004 11:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 2:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/3/2006 11:22:32 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
11/30/2005 8:17:10 PM S 21633 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 4:12:48 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/3/2006 11:22:24 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
1/3/2006 11:22:58 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
1/3/2006 11:22:34 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
1/3/2006 11:23:04 AM H 86016 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
1/3/2006 11:22:42 AM H 1224704 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
1/2/2006 6:30:10 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
12/15/2005 10:49:58 PM S 1047 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
12/15/2005 10:49:58 PM S 1370 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
12/15/2005 10:49:58 PM S 126 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
12/15/2005 10:49:58 PM S 194 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
1/3/2006 11:19:50 AM H 6 C:\WINDOWS\Tasks\SA.DAT
12/27/2005 3:39:52 PM HS 37594 C:\WINDOWS\Temp\$_2341233.TMP
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/19/2003 2:48:12 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 3/11/2003 1:15:56 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 7/27/2003 7:05:54 AM 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Creative Technology Ltd. 2/18/2004 6:52:50 AM 176128 C:\WINDOWS\SYSTEM32\USBAudio.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 6:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 5:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
9/22/2004 3:44:42 PM 188 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 6:00:00 AM HS 84 C:\Documents and Settings\Carrie Hafer\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %USERPROFILE%\Application Data folder...
11/20/2005 12:58:30 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\carabradshaw004.bmp
12/26/2005 8:29:54 AM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\caroleejones008.bmp
11/17/2005 10:21:30 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\caroleejones018.bmp
12/13/2005 1:11:18 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\carolhalm002.bmp
9/3/2002 5:50:46 AM HS 62 C:\Documents and Settings\Carrie Hafer\Application Data\DESKTOP.INI
11/26/2005 3:23:20 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\kaelynnwinn007.bmp
11/21/2005 11:23:40 AM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\lauriefurnell010.bmp
12/3/2005 10:19:18 AM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\lauriefurnell012.bmp
11/16/2005 11:41:26 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\lauriefurnell022.bmp
11/16/2005 11:34:38 PM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\lorielakey002.bmp
11/21/2005 10:49:56 AM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\lorigardner003.bmp
12/22/2005 1:10:44 AM 2359350 C:\Documents and Settings\Carrie Hafer\Application Data\teresakogut001.bmp
12/28/2005 2:44:56 PM HS 54272 C:\Documents and Settings\Carrie Hafer\Application Data\Thumbs.db
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\deskMenu2
{D8A8853A-DB04-45D4-8732-A5CC49CE6107} = C:\WINDOWS\system32\deskMenu2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQMenu
{f802f260-519b-11d1-bb5d-0060974c6013} = C:\Program Files\ICQ\ICQShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQMenu
{f802f260-519b-11d1-bb5d-0060974c6013} = C:\Program Files\ICQ\ICQShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Program Files\ICQToolbar\toolbaru.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ Pro : C:\PROGRA~1\ICQ\ICQ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}
ButtonText = ComcastHSI :
http://www.comcast.net/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
ButtonText = Support :
http://www.comcastsupport.com/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
ButtonText = Help :
http://online.comcast.net/help/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = :
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Program Files\ICQToolbar\toolbaru.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe
item Acrobat Assistant
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\AcroTray.exe
item Acrobat Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\DIGITA~1\DLG.exe
item Digital Line Detect
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\DIGITA~1\DLG.exe
item Digital Line Detect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item apdproxy
hkey HKLM
command "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item apdproxy
hkey HKLM
command "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ashDisp
hkey HKLM
command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ashDisp
hkey HKLM
command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDElbyCDFL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElbyCheck
hkey HKLM
command "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElbyCheck
hkey HKLM
command "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTSysVol
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTSysVol
hkey HKLM
command C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTSysVol
hkey HKLM
command C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dla
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVDLauncher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DVDLauncher
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DVDLauncher
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P17Helper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Rundll32 P17
hkey HKLM
command Rundll32 P17.dll,P17Helper
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Rundll32 P17
hkey HKLM
command Rundll32 P17.dll,P17Helper
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCMService
hkey HKLM
command "C:\Program Files\Dell\Media Experience\PCMService.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCMService
hkey HKLM
command "C:\Program Files\Dell\Media Experience\PCMService.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ReminderApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ReminderApp
hkey HKLM
command C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ReminderApp
hkey HKLM
command C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THGuard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THGuard
hkey HKLM
command "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THGuard
hkey HKLM
command "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\URLLSTCK.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UrlLstCk
hkey HKLM
command C:\Program Files\Norton Internet Security\UrlLstCk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UrlLstCk
hkey HKLM
command C:\Program Files\Norton Internet Security\UrlLstCk.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gnotify
hkey HKLM
command C:\Program Files\Google\Gmail Notifier\gnotify.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gnotify
hkey HKLM
command C:\Program Files\Google\Gmail Notifier\gnotify.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/3/2006 11:39:24 AM