Logfile of HijackThis v1.99.1
Scan saved at 3:13:32 PM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Network\network.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://webmail.uchicago.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) -
http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) -
http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
win:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gngsmsnx
{551943cb-4c58-4e6d-880f-878698c53200} = C:\WINDOWS\System32\ckcso.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
IEWebCatcher Class = C:\Program Files\DNS\Catcher.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
Network C:\Program Files\Network\network.exe
BrowserUpdateSched C:\WINDOWS\system32\rwinomaw.exe FI003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
AOL Instant Messanger aim.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\6clro2if
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 6clro2if
hkey HKLM
command C:\WINDOWS\System32\6clro2if.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 6clro2if
hkey HKLM
command C:\WINDOWS\System32\6clro2if.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Instant Messanger
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command aim.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command aim.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\App32dll
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnavc32
hkey HKLM
command C:\windows\system32\msnavc32.exe lee0105
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnavc32
hkey HKLM
command C:\windows\system32\msnavc32.exe lee0105
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgcc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_EMC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgemc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgemc
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CasStub
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casstub
hkey HKCU
command C:\Program Files\CasStub\casstub.exe -run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casstub
hkey HKCU
command C:\Program Files\CasStub\casstub.exe -run
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfgmgr52
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dinst
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dinst
hkey HKLM
command C:\WINDOWS\dinst.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dinst
hkey HKLM
command C:\WINDOWS\dinst.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eltupt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eltupt
hkey HKLM
command C:\WINDOWS\eltupt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eltupt
hkey HKLM
command C:\WINDOWS\eltupt.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd
hkey HKLM
command "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd
hkey HKLM
command "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb04
hkey HKLM
command C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb04
hkey HKLM
command C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPInSightLAN 01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPClient
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPClient
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPInSightMonitor 01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KavSvc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kjklhl
hkey HKLM
command C:\WINDOWS\System32\kjklhl.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kjklhl
hkey HKLM
command C:\WINDOWS\System32\kjklhl.exe reg_run
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lanbrup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lanbrup
hkey HKLM
command C:\WINDOWS\System32\lanbrup.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lanbrup
hkey HKLM
command C:\WINDOWS\System32\lanbrup.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lchyjb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ytgwiv
hkey HKLM
command c:\windows\system32\ytgwiv.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ytgwiv
hkey HKLM
command c:\windows\system32\ytgwiv.exe r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcagent
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcagent
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item McUpdate
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item McUpdate
hkey HKLM
command c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Gateway
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Motive SmartBridge
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MotiveSB
hkey HKLM
command C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MotiveSB
hkey HKLM
command C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPFExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MpfTray
hkey HKLM
command C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MpfTray
hkey HKLM
command C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPSExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mscifapp
hkey HKLM
command C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mscifapp
hkey HKLM
command C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msxct
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msxct
hkey HKLM
command msxct.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msxct
hkey HKLM
command msxct.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nsv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSof1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\richup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item richup
hkey HKLM
command C:\WINDOWS\System32\richup.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item richup
hkey HKLM
command C:\WINDOWS\System32\richup.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\secure
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Xagphg
hkey HKLM
command C:\WINDOWS\System32\Xagphg.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Xagphg
hkey HKLM
command C:\WINDOWS\System32\Xagphg.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sysnet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sysnet
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sysnet
hkey HKLM
command C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service62
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemClockManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command C:\WINDOWS\\\\\\\\\\\\\\\\\\\
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command C:\WINDOWS\\\\\\\\\\\\\\\\\\\
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tsl2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tsl2
hkey HKLM
command C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tsl2
hkey HKLM
command C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vidctrl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vidctrl
hkey HKLM
command C:\WINDOWS\System32\vidctrl\vidctrl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vidctrl
hkey HKLM
command C:\WINDOWS\System32\vidctrl\vidctrl.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusScan Online
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcvsshld
hkey HKLM
command "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcvsshld
hkey HKLM
command "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VSOCheckTask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcmnhdlr
hkey HKLM
command "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mcmnhdlr
hkey HKLM
command "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/28/2005 11:34:50 AM
I cant find the Kasper log but i know i saved it.
and the file did delete but i still got a zeno popup