WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/15/2007 1:48:33 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Michelle\Desktop\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
WSUD 7/24/2001 6:11:52 PM 5503880 C:\WINDOWS\msjavx86.exe (Microsoft Corporation)
UPX! 11/9/2005 8:04:40 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 11/9/2005 8:04:40 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
UPX! 10/18/2005 11:25:20 AM 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\lpt$vpn.143 ()
qoologic 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\lpt$vpn.143 ()
SAHAgent 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\lpt$vpn.143 ()
PECompact2 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\VPTNFILE.143 ()
qoologic 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\VPTNFILE.143 ()
SAHAgent 1/3/2006 12:52:50 PM 17160623 C:\WINDOWS\VPTNFILE.143 ()
Checking %System% folder...
PECompact2 12/7/2006 6:13:44 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 12/7/2006 6:13:44 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
aspack 2/3/2003 2:09:00 AM 881152 C:\WINDOWS\SYSTEM32\jsdvwsdk.dll (eFax.com)
UPX! 9/7/2001 11:06:18 AM 54784 C:\WINDOWS\SYSTEM32\XpBlock.dll (Easy Systems Japan Ltd.)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/9/2007 10:50:28 AM S 2048 C:\WINDOWS\bootstat.dat ()
1/9/2007 11:07:02 AM H 54156 C:\WINDOWS\QTFont.qfn ()
1/9/2007 10:53:40 AM H 48882 C:\WINDOWS\system32\vsconfig.xml ()
1/6/2007 3:25:32 AM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
1/15/2007 1:47:00 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/15/2007 1:47:58 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
1/15/2007 1:32:00 AM H 1024 C:\WINDOWS\system32\config\default.LOG ()
1/15/2007 1:41:26 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/15/2007 1:51:38 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
12/21/2006 7:11:14 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/6/2007 3:49:36 AM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
1/6/2007 3:49:38 AM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
1/6/2007 3:49:36 AM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
1/6/2007 3:49:38 AM S 44608 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
12/31/2006 4:26:34 PM H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
11/21/2006 5:34:58 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB926247.cat ()
11/18/2006 12:53:42 PM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928388.cat ()
11/24/2006 11:18:10 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
11/24/2006 11:18:10 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\4262828c-bfdd-4c45-a821-74a7a053ee29 ()
11/23/2006 8:47:24 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
11/23/2006 8:47:24 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\52ef7c6f-285e-4856-a465-ce1fc51f756f ()
1/9/2007 10:51:32 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()
11/22/2006 4:20:22 AM RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
11/22/2006 4:20:22 AM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
11/22/2006 5:43:00 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
11/22/2006 5:43:44 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
1/10/2007 7:12:04 AM H 0 C:\WINDOWS\LastGood\INF\oem66.inf ()
1/10/2007 7:12:04 AM H 0 C:\WINDOWS\LastGood\INF\oem66.PNF ()
Checking for CPL files...
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
12/4/1999 4:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl (Sony Corporation)
1/6/2004 4:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{02BCC737-B171-4746-94C9-0D8A0B2C0089} - Microsoft Office Template and Media Control - CodeBase =
http://office.microsoft.com/templates/ieawsdc.cab
{02CF1781-EA91-4FA5-A200-646E8241987C} - VaioInfo.CMClass - CodeBase =
http://esupport.sony.com/VaioInfo.CAB
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft.com/fwlink/?linkid=39204
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase =
https://www-secure.symantec.com/techsup ... SupCtl.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase =
http://housecall65.trendmicro.com/house ... hcImpl.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase =
http://security.symantec.com/sscv6/Shar ... vSniff.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = D:\Program Files\Common\yinsthelper.dll
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase =
http://office.microsoft.com/officeupdat ... /opuc2.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase =
http://cdn.scan.safety.live.com/resourc ... se8460.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase =
http://update.microsoft.com/windowsupda ... 2505331809
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase =
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase =
http://update.microsoft.com/microsoftup ... 6567884996
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase =
http://www3.ca.com/securityadvisor/viru ... ebscan.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - Update Class - CodeBase =
http://v4.windowsupdate.microsoft.com/C ... 2281018519
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - Get_ActiveX Control - CodeBase =
https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - - CodeBase =
http://www.trendmicro.com/spyware-scan/as4web.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase =
http://messenger.msn.com/download/MsnMe ... loader.cab
{B49C4597-8721-4789-9250-315DFBD9F525} - IWinAmpActiveX Class - CodeBase =
http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
{BCBC9371-595D-11D4-A96D-00105A1CEF6C} - View22RTE Class - CodeBase =
http://66.242.36.116/view22/View22RTE.cab
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - Office Update Installation Engine - CodeBase =
http://office.microsoft.com/officeupdat ... /opuc4.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://fpdownload.macromedia.com/get/fl ... wflash.cab
Microsoft XML Parser for Java - - CodeBase =
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/8/2001 10:15:20 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/8/2001 10:04:04 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
6/23/2006 2:39:50 PM 9726 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
Checking files in %USERPROFILE%\Startup folder...
9/8/2001 10:15:20 AM HS 84 C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
9/8/2001 10:04:02 AM HS 62 C:\Documents and Settings\Michelle\Application Data\desktop.ini ()
8/17/2006 5:26:06 AM 131496 C:\Documents and Settings\Michelle\Application Data\GDIPFONTCACHEV1.DAT ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://go.microsoft.com/fwlink/?LinkId=69157
\\Search Bar -
http://us.rd.yahoo.com/customize/ie/def ... earch.html
\\Search Page -
http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL -
http://go.microsoft.com/fwlink/?LinkId=69157
\\Default_Search_URL -
http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.myspace.com/
\\Search Bar -
http://www.google.com/ie
\\Search Page -
http://www.google.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant -
http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = D:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = D:\Program Files\Norton System Works\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = D:\Program Files\Norton System Works\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = D:\Program Files\Norton System Works\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - = ()
\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{09195BA5-24FC-49A1-B35D-49880A26D611} - 8192 =
\\NEXTID - 8201
\\{4CFA9AE1-43D4-4685-B898-E88CAFA2CF11} - 8193 =
\\{C6914DAC-5F7C-4D7A-A211-C00FA0878D1D} - 8194 =
\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8195 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8196 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8198 = Sun Java Console
\\{A75C6120-9B36-11d4-A3F0-009027427750} - 8199 =
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8200 = Yahoo! Messenger
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: = ()
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ButtonText: Yahoo! Messenger = D:\Program Files\Messenger\YahooMessenger.exe (Yahoo! Inc.)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} - MediaFace extension = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = D:\PROGRA~1\Common\ymmapi.dll (Yahoo! Inc.)
\\ - = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\MediaFaceExtension - {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = D:\Program Files\Norton System Works\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = D:\PROGRA~1\Common\ymmapi.dll (Yahoo! Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\MediaFaceExtension - {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc.)
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = D:\Program Files\Norton System Works\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = D:\Program Files\Adobe\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client - D:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
LWBMOUSE - C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE ()
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
ATIPTA - C:\WINDOWS\SYSTEM32\atiptaxx.exe (ATI Technologies, Inc.)
Apoint - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MSConfig - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
updateMgr - D:\Program Files\Adobe\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
GBPoll 2
AOL TopSpeedMonitor 3
AOL ACS 3
WMPNetworkSvc 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
location Common Startup
item Adobe Reader Speed Launch
command D:\PROGRA~1\Adobe\Reader\READER~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
location Common Startup
command D:\PROGRA~1\MICROS~1\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk
location Common Startup
item Norton GoBack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^Norton Disk Doctor.lnk
location Startup
command D:\PROGRA~1\NORTON~1\NORTON~1\NDD32.EXE /q
item Norton Disk Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Fast Start
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOL
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaFace Integration
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SetHook
hkey HKLM
command C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton SystemWorks
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgwiz
hkey HKCU
command "D:\Program Files\Norton System Works\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pure Networks Port Magic
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PortAOL
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WMPNSCFG
hkey HKCU
command C:\Program Files\Windows Media Player\WMPNSCFG.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\Q312461 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{15A5ED0F-2CCE-45CF-B022-E94CFCF5C9C6} - (Linksys Wireless-B USB Network Adapter v2.
{9A4CE0E4-670F-4084-AC5C-ED82BCDA6202} - (1394 Net Adapter)
{BB7E4653-388D-4A04-9DAF-50BE8353B565} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{D90EFF13-F4A0-4264-8099-1D8C097BE02B} - ()
{E9D8B442-E0DE-408C-BE0E-B161B601E1EE} - (Linksys Wireless-B USB Network Adapter v2.
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»