2006-08-12 08:46 48,190 C:\RDFX4.exe
2006-08-12 08:46 232,749 C:\WINDOWS\pf78.exe
2006-08-11 23:47 75,776 C:\uoytnq.exe
2006-08-11 23:46 160,800 C:\WINDOWS\system32Fastmp3_Setup1.exe
2006-08-11 23:46 16,384 C:\WINDOWS\system32\loadadv559.exe
2006-08-11 23:46 138,808 C:\WINDOWS\system32\clbcatq.exe
2006-08-11 11:58 49,250 C:\WINDOWS\system32\javaw.exe
2006-08-11 11:58 49,248 C:\WINDOWS\system32\java.exe
2006-08-11 11:58 127,078 C:\WINDOWS\system32\javaws.exe
2006-08-09 09:30 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-08-04 19:55 266,360 C:\WINDOWS\system32\TweakUI.exe
2006-08-04 13:06 402,653,184 C:\pagefile.sys
2006-07-29 19:00 0 C:\loaded.exe
2006-07-29 15:37 70,656 C:\WINDOWS\system32\btpanuib.dll
2006-07-29 15:37 69,632 C:\WINDOWS\system32\compstuid.dll
2006-07-29 10:01 0 C:\WINDOWS\system32cymmh.exe
2006-07-29 10:00 433 C:\WINDOWS\yupvr.dll
2006-07-29 08:52 176,128 C:\WINDOWS\system32\pgqbwa.dll
2006-07-24 11:50 178 C:\WINDOWS\system32\del32.bat
2006-07-07 15:55 195,584 C:\WINDOWS\system32\XVoice.dll
2006-07-07 15:55 190,464 C:\WINDOWS\system32\landplot.dll
2006-07-07 15:55 173,056 C:\WINDOWS\system32\Vtext.dll
2006-07-05 13:52 25 C:\WINDOWS\SW_Win2000X48.DLL
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Optimum Online"="C:\\Program Files\\Optimum Online\\Netsurf.exe -tray"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124339193\\ee\\AOLSoftware.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32
\\NvCpl.dll,NvStartup"
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"isvea6c6"="RUNDLL32.EXE w005b7de.dll,n 002ea6c400000003005b7de"
"73305db.exe"="C:\\WINDOWS\\system32\\73305db.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"73305db.exe"="C:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\73305db.exe"
"Windows installer"="C:\\winstall.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.punkvoter.com/images/ftr/punkvoterbnr.gif"
"SubscribedURL"="http://www.punkvoter.com/images/ftr/punkvoterbnr.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,e0,01,00,00,3c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,e0,01,00,00,3c,00,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://newyork.mets.mlb.com/images/players/action/ph_120536.jpg"
"SubscribedURL"="http://newyork.mets.mlb.com/images/players/action/ph_120536.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,02,00,00,3d,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,38,8c,c0,06
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\10]
"Source"="http://atlanta.braves.mlb.com/images/players/action/ph_116662.jpg"
"SubscribedURL"="http://atlanta.braves.mlb.com/images/players/action/ph_116662.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cf,01,00,00,d3,01,00,00,bf,00,00,00,87,00,00,00,fc,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,01,00,00,19,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,a0,81,e1,04
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
"Source"="http://sanfrancisco.giants.mlb.com/images/players/action/ph_111188.jpg"
"SubscribedURL"="http://sanfrancisco.giants.mlb.com/images/players/action/ph_111188.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,16,01,00,00,d6,01,00,00,bf,00,00,00,87,00,00,00,fe,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,2b,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,b2,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,90,12,a6,05
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
"Source"="http://www.newyorkjets.com/roster/view_bio_photo.php?id=65"
"SubscribedURL"="http://www.newyorkjets.com/roster/view_bio_photo.php?id=65"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,02,00,00,4f,01,00,00,6e,00,00,00,7b,00,00,00,00,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,02,00,00,4f,01,00,00,6e,00,00,00,7b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9d,02,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,c0,39,bc,05
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\13]
"Source"="http://assets.sportvision.com/falcons/assets/images/1952.jpg"
"SubscribedURL"="http://assets.sportvision.com/falcons/assets/images/1952.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,01,00,00,59,00,00,00,8c,00,00,00,9a,00,00,00,02,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,01,00,00,59,00,00,00,8c,00,00,00,9a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,08,e0,c1,05
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\14]
"Source"="http://www.kcchiefs.com/images/HOLMESpriest2002.jpg"
"SubscribedURL"="http://www.kcchiefs.com/images/HOLMESpriest2002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,00,00,00,59,00,00,00,73,00,00,00,ac,00,00,00,04,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,00,00,00,59,00,00,00,73,00,00,00,ac,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,38,50,20,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\15]
"Source"="http://www.nba.com/media/act_jermaine_oneal.jpg"
"SubscribedURL"="http://www.nba.com/media/act_jermaine_oneal.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ca,01,00,00,6b,00,00,00,8c,00,00,00,dc,00,00,00,06,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,01,00,00,6b,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,e0,4a,3f,06