Thanks Cheeseball. Here's the scan in 2 parts:
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 07/01/2007 3:57:30 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 07/01/2007 3:57:38 PM 276500 C:\WINDOWS\SYSTEM32\bnaoesbk.dll ()
aspack 22/07/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
PEC2 09/08/2004 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
FSG! 11/11/2003 4:00:22 PM 236544 C:\WINDOWS\SYSTEM32\DivXdec.ax (DivXNetworks, Inc.)
UPX! 24/10/2006 5:50:46 AM 67604 C:\WINDOWS\SYSTEM32\fhuotsib.exe ()
UPX! 07/01/2007 11:36:42 AM 88340 C:\WINDOWS\SYSTEM32\fisjjioe.exe ()
UPX! 02/11/2006 5:45:14 AM 110612 C:\WINDOWS\SYSTEM32\fsqpwbdr.exe ()
UPX! 04/01/2007 2:42:50 PM 118804 C:\WINDOWS\SYSTEM32\hnhrigxm.dll ()
UPX! 07/01/2007 3:57:44 PM 81684 C:\WINDOWS\SYSTEM32\hwvquois.dll ()
UPX! 04/01/2007 3:39:12 PM 88340 C:\WINDOWS\SYSTEM32\kcjbiiud.exe ()
UPX! 07/01/2007 2:21:46 PM 81684 C:\WINDOWS\SYSTEM32\ksqvfiun.dll ()
PECompact2 08/06/2006 5:19:52 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 08/06/2006 5:19:52 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 09/08/2004 10:00:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 10/08/2004 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
UPX! 04/01/2007 2:42:02 PM 44060 C:\WINDOWS\SYSTEM32\ntocspcy.dll ()
WSUD 09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 04/01/2007 2:42:26 PM 88340 C:\WINDOWS\SYSTEM32\oouqsxwb.exe ()
UPX! 04/01/2007 3:52:52 PM 88340 C:\WINDOWS\SYSTEM32\pmnfsxfo.exe ()
UPX! 07/01/2007 2:21:54 PM 88340 C:\WINDOWS\SYSTEM32\pukhrndj.exe ()
UPX! 07/01/2007 2:21:42 PM 276500 C:\WINDOWS\SYSTEM32\qxrbnnne.dll ()
Umonitor 09/08/2004 10:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 05/01/2007 7:48:32 PM 88340 C:\WINDOWS\SYSTEM32\rivmsbkx.exe ()
UPX! 20/10/2006 6:10:24 PM 67604 C:\WINDOWS\SYSTEM32\syjlpjir.exe ()
UPX! 05/01/2007 12:26:34 PM 88340 C:\WINDOWS\SYSTEM32\ufayshnp.exe ()
UPX! 07/01/2007 3:57:40 PM 88340 C:\WINDOWS\SYSTEM32\vvbuokfr.exe ()
winsync 09/08/2004 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
UPX! 06/01/2007 2:00:04 PM 88340 C:\WINDOWS\SYSTEM32\wnblpren.exe ()
UPX! 07/01/2007 3:03:26 PM 88340 C:\WINDOWS\SYSTEM32\yenpdwev.exe ()
Checking %System%\Drivers folder and sub-folders...
UPX! 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
07/01/2007 3:56:48 PM S 2048 C:\WINDOWS\bootstat.dat ()
07/01/2007 3:56:54 PM S 64 C:\WINDOWS\CSC\00000001 ()
07/01/2007 2:20:48 PM S 64 C:\WINDOWS\CSC\00000002 ()
04/01/2007 3:52:26 PM HS 37675 C:\WINDOWS\system32\mxgirhnh.ini ()
07/01/2007 3:57:36 PM HS 772057 C:\WINDOWS\system32\qtvwa.bak2 ()
07/01/2007 4:01:40 PM HS 771472 C:\WINDOWS\system32\qtvwa.ini2 ()
07/01/2007 3:56:52 PM H 20480 C:\WINDOWS\system32\config\default.LOG ()
07/01/2007 3:57:02 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
07/01/2007 3:56:50 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
07/01/2007 3:57:30 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
07/01/2007 3:57:16 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
03/01/2007 6:31:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1f58440a-080c-4e86-8663-157c81c76b3c ()
03/01/2007 6:31:30 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
07/01/2007 3:53:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
03/05/2005 11:44:12 AM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
09/08/2004 10:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
27/07/2004 4:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10/11/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
09/08/2004 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
23/09/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
26/05/2005 7:14:48 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.)
09/08/2004 10:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
14/09/2005 1:12:26 PM 1862 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk ()
28/01/2005 3:41:38 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
14/09/2005 1:21:40 PM 1819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
27/01/2005 7:30:22 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
14/09/2005 1:27:08 PM 972 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
Checking files in %USERPROFILE%\Startup folder...
28/01/2005 3:41:38 AM HS 84 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
27/01/2005 7:30:22 PM HS 62 C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.ca/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\ntocspcy.dll ()
\{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\{E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - DPCUpdater Object = C:\WINDOWS\system32\awvtq.dll ()
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8196
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - 8194 = Connection Help
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = Windows Messenger
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - ButtonText: Connection Help = C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DBFB267C-334F-4F19-A304-63B7130C20C7} - MediaCenter Property Page = arpower.dll (Microsoft)
\\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\system32\ShellvRTF.dll (XSS)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{0873D142-79EF-49fa-81B5-211AAC0B0A7F} - Target Finder Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll ()
\\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll (Sonic Solutions)
\\{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} - RXDCExtShlExt extension = C:\Program Files\Roxio\Easy Media Creator 7\Disc Image Loader\DC_ShellExt.dll (Sonic Solutions)
\\{E61F73F9-96A4-461C-87C6-D84C7CC63A60} - = C:\WINDOWS\system32\wwbclnt.dll ()
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
URLLSTCK.exe - c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
SM1BG - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
RTHDCPL - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
RoxioDragToDisc - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
PCDrProfiler - Reg Data missing or invalid ()
NeroCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
LSBWatcher - c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
HPHUPD08 - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
HP Software Update - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
AlwaysReady Power Message APP - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BearShare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BearShare
hkey HKLM
command "C:\Program Files\BearShare\BearShare.exe" /pause
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DllRunning
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hnhrigxm
hkey HKLM
command rundll32.exe "C:\WINDOWS\system32\hnhrigxm.dll",setvm
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\keyboard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item keyboard4
hkey HKLM
command C:\windows\keyboard4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mousepad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mousepad4
hkey HKLM
command C:\windows\mousepad4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\newname
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item newname4
hkey HKLM
command C:\windows\newname4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKLM
command "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WildTangent CDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 07/01/2007 3:57:30 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 07/01/2007 3:57:38 PM 276500 C:\WINDOWS\SYSTEM32\bnaoesbk.dll ()
aspack 22/07/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
PEC2 09/08/2004 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
FSG! 11/11/2003 4:00:22 PM 236544 C:\WINDOWS\SYSTEM32\DivXdec.ax (DivXNetworks, Inc.)
UPX! 24/10/2006 5:50:46 AM 67604 C:\WINDOWS\SYSTEM32\fhuotsib.exe ()
UPX! 07/01/2007 11:36:42 AM 88340 C:\WINDOWS\SYSTEM32\fisjjioe.exe ()
UPX! 02/11/2006 5:45:14 AM 110612 C:\WINDOWS\SYSTEM32\fsqpwbdr.exe ()
UPX! 04/01/2007 2:42:50 PM 118804 C:\WINDOWS\SYSTEM32\hnhrigxm.dll ()
UPX! 07/01/2007 3:57:44 PM 81684 C:\WINDOWS\SYSTEM32\hwvquois.dll ()
UPX! 04/01/2007 3:39:12 PM 88340 C:\WINDOWS\SYSTEM32\kcjbiiud.exe ()
UPX! 07/01/2007 2:21:46 PM 81684 C:\WINDOWS\SYSTEM32\ksqvfiun.dll ()
PECompact2 08/06/2006 5:19:52 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 08/06/2006 5:19:52 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 09/08/2004 10:00:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 10/08/2004 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
UPX! 04/01/2007 2:42:02 PM 44060 C:\WINDOWS\SYSTEM32\ntocspcy.dll ()
WSUD 09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 04/01/2007 2:42:26 PM 88340 C:\WINDOWS\SYSTEM32\oouqsxwb.exe ()
UPX! 04/01/2007 3:52:52 PM 88340 C:\WINDOWS\SYSTEM32\pmnfsxfo.exe ()
UPX! 07/01/2007 2:21:54 PM 88340 C:\WINDOWS\SYSTEM32\pukhrndj.exe ()
UPX! 07/01/2007 2:21:42 PM 276500 C:\WINDOWS\SYSTEM32\qxrbnnne.dll ()
Umonitor 09/08/2004 10:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 05/01/2007 7:48:32 PM 88340 C:\WINDOWS\SYSTEM32\rivmsbkx.exe ()
UPX! 20/10/2006 6:10:24 PM 67604 C:\WINDOWS\SYSTEM32\syjlpjir.exe ()
UPX! 05/01/2007 12:26:34 PM 88340 C:\WINDOWS\SYSTEM32\ufayshnp.exe ()
UPX! 07/01/2007 3:57:40 PM 88340 C:\WINDOWS\SYSTEM32\vvbuokfr.exe ()
winsync 09/08/2004 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
UPX! 06/01/2007 2:00:04 PM 88340 C:\WINDOWS\SYSTEM32\wnblpren.exe ()
UPX! 07/01/2007 3:03:26 PM 88340 C:\WINDOWS\SYSTEM32\yenpdwev.exe ()
Checking %System%\Drivers folder and sub-folders...
UPX! 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 30/09/2006 6:13:00 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
07/01/2007 3:56:48 PM S 2048 C:\WINDOWS\bootstat.dat ()
07/01/2007 3:56:54 PM S 64 C:\WINDOWS\CSC\00000001 ()
07/01/2007 2:20:48 PM S 64 C:\WINDOWS\CSC\00000002 ()
04/01/2007 3:52:26 PM HS 37675 C:\WINDOWS\system32\mxgirhnh.ini ()
07/01/2007 3:57:36 PM HS 772057 C:\WINDOWS\system32\qtvwa.bak2 ()
07/01/2007 4:01:40 PM HS 771472 C:\WINDOWS\system32\qtvwa.ini2 ()
07/01/2007 3:56:52 PM H 20480 C:\WINDOWS\system32\config\default.LOG ()
07/01/2007 3:57:02 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
07/01/2007 3:56:50 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
07/01/2007 3:57:30 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
07/01/2007 3:57:16 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
03/01/2007 6:31:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1f58440a-080c-4e86-8663-157c81c76b3c ()
03/01/2007 6:31:30 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
07/01/2007 3:53:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
03/05/2005 11:44:12 AM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
09/08/2004 10:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
27/07/2004 4:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10/11/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
09/08/2004 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
23/09/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
26/05/2005 7:14:48 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.)
09/08/2004 10:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
09/08/2004 10:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
14/09/2005 1:12:26 PM 1862 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk ()
28/01/2005 3:41:38 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
14/09/2005 1:21:40 PM 1819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
27/01/2005 7:30:22 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
14/09/2005 1:27:08 PM 972 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
Checking files in %USERPROFILE%\Startup folder...
28/01/2005 3:41:38 AM HS 84 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
27/01/2005 7:30:22 PM HS 62 C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.ca/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\ntocspcy.dll ()
\{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\{E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - DPCUpdater Object = C:\WINDOWS\system32\awvtq.dll ()
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8196
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - 8194 = Connection Help
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = Windows Messenger
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - ButtonText: Connection Help = C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DBFB267C-334F-4F19-A304-63B7130C20C7} - MediaCenter Property Page = arpower.dll (Microsoft)
\\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\system32\ShellvRTF.dll (XSS)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{0873D142-79EF-49fa-81B5-211AAC0B0A7F} - Target Finder Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll ()
\\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll (Sonic Solutions)
\\{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} - RXDCExtShlExt extension = C:\Program Files\Roxio\Easy Media Creator 7\Disc Image Loader\DC_ShellExt.dll (Sonic Solutions)
\\{E61F73F9-96A4-461C-87C6-D84C7CC63A60} - = C:\WINDOWS\system32\wwbclnt.dll ()
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
URLLSTCK.exe - c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
SM1BG - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
RTHDCPL - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
RoxioDragToDisc - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
PCDrProfiler - Reg Data missing or invalid ()
NeroCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
LSBWatcher - c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
HPHUPD08 - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
HP Software Update - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
AlwaysReady Power Message APP - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BearShare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BearShare
hkey HKLM
command "C:\Program Files\BearShare\BearShare.exe" /pause
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DllRunning
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hnhrigxm
hkey HKLM
command rundll32.exe "C:\WINDOWS\system32\hnhrigxm.dll",setvm
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\keyboard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item keyboard4
hkey HKLM
command C:\windows\keyboard4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mousepad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mousepad4
hkey HKLM
command C:\windows\mousepad4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\newname
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item newname4
hkey HKLM
command C:\windows\newname4.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKLM
command "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WildTangent CDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
