I "spoke" too soon.
Here's the MS scan results:
Spyware Scan Details
Start Date: 2/25/2006 11:32:50 AM
End Date: 2/25/2006 11:41:02 AM
Total Time: 8 mins 12 secs
Detected Threats
TV Media Display Adware more information...
Details: TV Media Display is secretly installed on your computer to display advertising, usually pop-ups.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\documents and settings\taylor newcomb\application data\tvmcwrd.dll
c:\documents and settings\taylor newcomb\application data\tvmknwrd.dll
CoolWebSearch.StartPage Browser Modifier more information...
Details: CoolWebSearch StartPage changes Internet Explorers start page, however, it does not allow you to change the URL.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
AproposMedia Browser Modifier more information...
Details: AproposMedia is a browser modifier that installs with PeopleOnPage (POP). AproposMedia displays pop-up advertisements and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\LocalServer32 C:\Program Files\CxtPls\CxtPls.exe
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\ProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\VersionIndependentProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
ShopAtHome Spyware more information...
Details: ShopAtHome is a browser redirector that monitors your browsing behavior and online purchases.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\Downloaded Program Files\GRInstall6.dll
webHancer Spyware more information...
Details: WebHancer is a spyware program that launches at Windows startup, monitors the Web sites you view, and sends their performance data back to webHancers servers.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\winskw\jau5055.dat
c:\windows\winskw\jsy5055.dat
c:\windows\winskw\rge5055.dat
c:\windows\winskw\sty5055.dat
c:\windows\winskw\ydn5055.dat
Infected folders detected
c:\windows\winskw
Comet Systems Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\downloaded program files\dm.inf
c:\windows\inf\dm.inf
c:\windows\inf\dm.pnf
Internet Enhancement Pak Adware more information...
Details: Internet Enhancement Pak is adware that is bundled in free software products.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\Downloaded Program Files\actsetup.inf
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\VersionIndependentProgID actsetup.ActSetupObj
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} CActSetupObj Object
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\actsetup.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InprocServer32 ThreadingModel apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\ProgID actsetup.ActSetupObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\actsetup.dll, 1
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\actsetup.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\TypeLib {3CA12D40-90E0-4E18-A5EA-9C27B38A9228}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\VersionIndependentProgID actsetup.ActSetupObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} CActSetupObj Object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Contains\Files C:\WINDOWS\system32\mfc42.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Contains\Files C:\WINDOWS\system32\msvcrt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Contains\Files C:\WINDOWS\system32\olepro32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Contains\Files C:\WINDOWS\Downloaded Program Files\actsetup.dll
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InprocServer32 ThreadingModel apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\DownloadInformation CODEBASE http://www.odysseusmarketing.com/actsetup.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\actsetup.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InstalledVersion 1,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\InstalledVersion LastModified Thu, 27 Jan 2005 22:39:14 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BAB3E70B-A847-4A88-ACFC-778FCCC00287} Installer MSICD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/actsetup.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/actsetup.dll .Owner {BAB3E70B-A847-4A88-ACFC-778FCCC00287}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/actsetup.dll {BAB3E70B-A847-4A88-ACFC-778FCCC00287}
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\ProgID actsetup.ActSetupObj.1
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\actsetup.dll, 1
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\TypeLib {3CA12D40-90E0-4E18-A5EA-9C27B38A9228}
HKEY_CLASSES_ROOT\clsid\{BAB3E70B-A847-4A88-ACFC-778FCCC00287}\Version 1.0
WinSoftware.Winfixer Potentially Unwanted Software more information...
Details: Winfixer is known to be installed through inappropriate bundling and without users consent. It is a software that scans the users system for damaged files and attempts to fix it if the user pays a fee.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\system32\drivers\d_kmd.sys
EliteMedia Adware more information...
Details: Opens attributed popup advertisements. Adds their website to the Trusted Zones list.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\eliteunstall.exe
Bitlocker Browser Modifier more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\nsb3af.dll
c:\windows\system32\nsc441.dll
c:\windows\system32\nsl3c.dll
c:\windows\system32\nsm9c.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7} The Gimp
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24.1
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24.1\CLSID {01EB5130-FC0C-4d75-B9CE-4801B1B854F5}
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24.1 bitlocker
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24\CLSID {01EB5130-FC0C-4d75-B9CE-4801B1B854F5}
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24\CurVer Le.Toy24.1
HKEY_LOCAL_MACHINE\Software\Classes\Le.Toy24 bitlocker
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp.1
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp.1\CLSID {10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}
HKEY_CLASSES_ROOT\ONONE.Thegimp.1
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp.1 The Gimp
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp\CLSID {10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp\CurVer ONONE.Thegimp.1
HKEY_LOCAL_MACHINE\Software\Classes\ONONE.Thegimp The Gimp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker affilate_id Justin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker request_queue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker version 1.32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker db_number 2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ONONE.Thegimp.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker popup_delay 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker refresh_time 60
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker related_pop_type popunder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker ezula_maxdup 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker rand_context_distortion 5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker navigation_error http://69.42.87.219/e.html
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker popup_time_distortion 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker ezula_maxhilight 7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker rand_contextual_pop_type popunder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker popup_ctx_delay 25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker ezula_enabled true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker random_contextual_enabled true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker program_push_enabled true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker icon_drop_enabled true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker related_popups_enabled true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker internal_affiliate_id 766
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}\InprocServer32 C:\WINDOWS\system32\nsm9C.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker country_id 225
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker install_timestamp 1138590229
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker last_refresh_time 1139681991
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker last_ezulasync 1138232405
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker push_list
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker last_push_time 1138590152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker pushed_already
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker date 20060211182546
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker update_url http://new.trafficsector.com/smb/adm...ilent.1.32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker ctx_popup_shown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker next_ctx_popup_time 1139682984
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker last_ezula_update_ID 566
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker next_related_time 1139682731
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker installation_id fb577dc9-3b2a-4211-9718-91a507ec4bcf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Bit1ocker user_id 97901
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}\ProgID ONONE.Thegimp.1
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}\TypeLib {82910CE3-D86A-435a-A519-6A8C369855D3}
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10049D2A-2965-4e4f-8C7E-CB33AD95FEB7}\VersionIndependentProgID ONONE.Thegimp
IBIS Toolbar Adware more information...
Details: IBIS Toolbar is an Internet Explorer search redirector.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0 Toolbar Library
HKEY_CLASSES_ROOT\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\0\win32 C:\PROGRA~1\Toolbar\toolbar.dll
HKEY_CLASSES_ROOT\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\FLAGS 4
HKEY_CLASSES_ROOT\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\HELPDIR C:\PROGRA~1\Toolbar\
HKEY_CLASSES_ROOT\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0 Toolbar Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\0\win32 C:\PROGRA~1\Toolbar\toolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\FLAGS 4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06}\1.0\HELPDIR C:\PROGRA~1\Toolbar\
Virtual Bouncer Adware more information...
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
c:\windows\system32\innervbinstall.log
TopRebates.WebRebates Adware more information...
Details: TopRebates is a browser toolbar that can display pop-up advertisements and monitor your Web browsing activities.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
c:\windows\artmmp.ini
DelFin.Media Viewer Adware more information...
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
c:\documents and settings\all users\application data\pcsvc\adverts\dmv_pop_dp-us-t.dfn
c:\documents and settings\all users\application data\pcsvc\adverts\ink_inkline002-t.dfn
c:\documents and settings\all users\application data\pcsvc\adverts\ink_inkline006-t.dfn
c:\documents and settings\all users\application data\pcsvc\adverts\ink_inkline023-t.dfn
c:\documents and settings\all users\application data\pcsvc\adverts\qf_040226-a203.dfn
Infected folders detected
c:\documents and settings\all users\application data\pcsvc
c:\documents and settings\all users\application data\pcsvc\adverts
Claria.GAIN Adware more information...
Details: Claria.GAIN displays pop-up advertisements based on collected information about you and your Web browsing activities. Claria.GAIN is bundled with advertisement-supported programs from Claria and other companies.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
c:\windows\gatorpatch.log
PowerReg Scheduler Potentially Unwanted Software more information...
Details: PowerReg Scheduler is a registration system used by some legitimate software programs.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
C:\Documents and Settings\Taylor Newcomb\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Detected Spyware Cookies
No spyware cookies were found during this scan.