by theglobal » June 5th, 2005, 5:52 pm
Chris... here is info from regscan ---- each item is separated by dashes ------
REGEDIT4
; REGEDIT4 (ANSI text) export of the machine-wide Run key. Each value under the
; key is a command line started at logon for every user of this machine.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
; No directory is given here, so which S3tray2.exe runs depends on the search
; path; confirm the file that actually resolves.
"S3TRAY2"="S3tray2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
; Anomalous entry: the value name is a script fragment padded with spaces, not a
; program label. hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"sunasDTServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDTServ.exe"
; Default (unnamed) value of the key, present but empty.
@=""
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
; The subkeys below hold component flags ("Installed", "NoChange"); no command
; lines appear in them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-------------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the machine-wide Run key. Each value under the
; key is a command line started at logon for every user of this machine.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
; No directory is given here, so which S3tray2.exe runs depends on the search
; path; confirm the file that actually resolves.
"S3TRAY2"="S3tray2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
; Anomalous entry: the value name is a script fragment padded with spaces, not a
; program label. hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"sunasDTServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDTServ.exe"
; Default (unnamed) value of the key, present but empty.
@=""
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
; The subkeys below hold component flags ("Installed", "NoChange"); no command
; lines appear in them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
---------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the machine-wide Run key. Each value under the
; key is a command line started at logon for every user of this machine.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
; No directory is given here, so which S3tray2.exe runs depends on the search
; path; confirm the file that actually resolves.
"S3TRAY2"="S3tray2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
; Anomalous entry: the value name is a script fragment padded with spaces, not a
; program label. hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"sunasDTServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDTServ.exe"
; Default (unnamed) value of the key, present but empty.
@=""
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
; The subkeys below hold component flags ("Installed", "NoChange"); no command
; lines appear in them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
--------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the machine-wide Run key. Each value under the
; key is a command line started at logon for every user of this machine.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
; No directory is given here, so which S3tray2.exe runs depends on the search
; path; confirm the file that actually resolves.
"S3TRAY2"="S3tray2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
; Anomalous entry: the value name is a script fragment padded with spaces, not a
; program label. hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"sunasDTServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDTServ.exe"
; Default (unnamed) value of the key, present but empty.
@=""
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
; The subkeys below hold component flags ("Installed", "NoChange"); no command
; lines appear in them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-------------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the machine-wide Run key. Each value under the
; key is a command line started at logon for every user of this machine.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
; No directory is given here, so which S3tray2.exe runs depends on the search
; path; confirm the file that actually resolves.
"S3TRAY2"="S3tray2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"checktime"="c:\\program files\\HPSelect\\Frontend\\ct.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
; Anomalous entry: the value name is a script fragment padded with spaces, not a
; program label. hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"sunasDTServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDTServ.exe"
; Default (unnamed) value of the key, present but empty.
@=""
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
; The subkeys below hold component flags ("Installed", "NoChange"); no command
; lines appear in them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
------------------------------
REGEDIT4
; Search Assistant ACMru keys hold autocomplete history for text typed into the
; Windows search pane. This value records "gSafeOnload" as a search term, so the
; hit most likely reflects someone searching for that string, not a startup entry.
; NOTE(review): subkey 5603 is commonly the file-name search history; confirm.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="gSafeOnload"
-----------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the per-user Run key for the account whose SID
; ends in -1003; these command lines start when that user logs on.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"
"Extreme Messenger for AIM"="C:\\Program Files\\Extreme Messenger\\ExtremeMessenger.exe nosplash"
"NoAds"="\"C:\\Program Files\\NoAds\\NoAds.exe\""
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
; Anomalous entry, also present under the HKEY_LOCAL_MACHINE Run key in this post:
; the value name is a script fragment padded with spaces, not a program label.
; hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
; Launches from a folder on the user's Desktop, a location that account can
; write to; confirm the executable there is the expected Ad-Aware binary.
"Adaware Bootup"="C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\Ad-aware.exe /Auto /Log \"C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\\""
---------------------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the per-user Run key for the account whose SID
; ends in -1003; these command lines start when that user logs on.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"
"Extreme Messenger for AIM"="C:\\Program Files\\Extreme Messenger\\ExtremeMessenger.exe nosplash"
"NoAds"="\"C:\\Program Files\\NoAds\\NoAds.exe\""
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
; Anomalous entry, also present under the HKEY_LOCAL_MACHINE Run key in this post:
; the value name is a script fragment padded with spaces, not a program label.
; hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
; Launches from a folder on the user's Desktop, a location that account can
; write to; confirm the executable there is the expected Ad-Aware binary.
"Adaware Bootup"="C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\Ad-aware.exe /Auto /Log \"C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\\""
------------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the per-user Run key for the account whose SID
; ends in -1003; these command lines start when that user logs on.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"
"Extreme Messenger for AIM"="C:\\Program Files\\Extreme Messenger\\ExtremeMessenger.exe nosplash"
"NoAds"="\"C:\\Program Files\\NoAds\\NoAds.exe\""
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
; Anomalous entry, also present under the HKEY_LOCAL_MACHINE Run key in this post:
; the value name is a script fragment padded with spaces, not a program label.
; hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
; Launches from a folder on the user's Desktop, a location that account can
; write to; confirm the executable there is the expected Ad-Aware binary.
"Adaware Bootup"="C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\Ad-aware.exe /Auto /Log \"C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\\""
----------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the per-user Run key for the account whose SID
; ends in -1003; these command lines start when that user logs on.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"
"Extreme Messenger for AIM"="C:\\Program Files\\Extreme Messenger\\ExtremeMessenger.exe nosplash"
"NoAds"="\"C:\\Program Files\\NoAds\\NoAds.exe\""
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
; Anomalous entry, also present under the HKEY_LOCAL_MACHINE Run key in this post:
; the value name is a script fragment padded with spaces, not a program label.
; hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
; Launches from a folder on the user's Desktop, a location that account can
; write to; confirm the executable there is the expected Ad-Aware binary.
"Adaware Bootup"="C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\Ad-aware.exe /Auto /Log \"C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\\""
------------------------
REGEDIT4
; REGEDIT4 (ANSI text) export of the per-user Run key for the account whose SID
; ends in -1003; these command lines start when that user logs on.
; The post repeats this same key dump several times, presumably once per regscan hit.
[HKEY_USERS\S-1-5-21-2974146706-4179051517-1175015063-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"
"Extreme Messenger for AIM"="C:\\Program Files\\Extreme Messenger\\ExtremeMessenger.exe nosplash"
"NoAds"="\"C:\\Program Files\\NoAds\\NoAds.exe\""
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
; Anomalous entry, also present under the HKEY_LOCAL_MACHINE Run key in this post:
; the value name is a script fragment padded with spaces, not a program label.
; hex(2) is REG_EXPAND_SZ; the bytes are ASCII for
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[gSafeOnload.length] = f;<NUL>
; That is a directory followed by what looks like a line of JavaScript. It names
; no executable, so establish which program wrote it before removing it.
" gSafeOnload[gSafeOnload.length] "=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,79,73,74,65,6d,33,32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,67,53,\
61,66,65,4f,6e,6c,6f,61,64,2e,6c,65,6e,67,74,68,5d,20,3d,20,66,3b,00
; Same pattern; the value name stops at "[i". The data decodes to
;   c:\WINDOWS\System32\<TAB><TAB>gSafeOnload[i]();<NUL>
" gSafeOnload[i"=hex(2):63,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,\
32,5c,09,09,67,53,61,66,65,4f,6e,6c,6f,61,64,5b,69,5d,28,29,3b,00
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
; Launches from a folder on the user's Desktop, a location that account can
; write to; confirm the executable there is the expected Ad-Aware binary.
"Adaware Bootup"="C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\Ad-aware.exe /Auto /Log \"C:\\Documents and Settings\\Owner\\Desktop\\Patrick's Utilities\\Lavasoft Ad-Aware\\\""