Full Version: Nother Very Lince Problem
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
-Kiara-
Hi there. I stumbled across your site while looking for a way to get rid of this (insert favourite expletive here) trojan. I saw a little ways down the forum that someone else had this same thing. Would that solution work for me as well? Or should I start from scratch? Any help would be much appreciated. The last thing I want to do is take this in to some tech support place where they're going to reformat. There are things on this computer that cannot be replaced. And as a complete and utter moron when it comes to these things, I put myself in your hands and beg assistance :)
LoPhatPhuud
First:
Create a directory on your hard drive to save HijackThis.exe, such as c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here, right-click in the message area and select Paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware


Second:
Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe.

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
-Kiara-
Hi, thank you for the reply and help. Sorry I didn't get back last night. I had to disconnect the computer from the net cause it was rebooting. I'm still running slow so please bear with me :)

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:59:38 PM, on 09/04/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\QWxleGFuZHJhIEVtc2xleQAA\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\sflwid.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWxleGFuZHJhIEVtc2xleQAA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


Autoruns log

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Windows Publisher c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Windows Publisher c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DwlClient Support (Not verified) Dell c:\program files\common files\dell\eusw\support.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe

+ MCAgentExe McAfee SecurityCenter Agent (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcagent.exe

+ MCUpdateExe McAfee SecurityCenter Update Engine (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcupdate.exe

+ NvCplDaemon NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ OASClnt McAfee VirusScan OAS Client (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\oasclnt.exe

+ QOELOADER QOELoader Application (Not verified) Qurb, Inc. c:\program files\ca\etrust ez armor\etrust ez anti-spam\qsp-2.1.212.0\qoeloader.exe

+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ VirusScan Online McAfee VirusScan ActiveShield Resource (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshld.exe

+ VSOCheckTask McAfee VirusScan Command Handler (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcmnhdlr.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MsnMsgr MSN Messenger (Not verified) Microsoft Corporation c:\program files\msn messenger\msnmsgr.exe

+ PopUpStopperFreeEdition Pop-Up Stopper Free Edition (Not verified) Panicware, Inc. c:\program files\panicware\pop-up stopper free edition\psfree.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Avg7Alrt AVG Alert Manager (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgamsvr.exe

+ Avg7UpdSvc AVG Update Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgupsvc.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ CiSvc Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Windows Publisher c:\windows\system32\cisvc.exe

+ cmdService c:\windows\qwxlegfuzhjhievtc2xleqaa\command.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Windows Publisher c:\windows\system32\services.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ McDetect.exe McAfee WSC Integration Service (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcdetect.exe

+ McShield On-Access Scanner service (Not verified) McAfee Inc. c:\program files\mcafee.com\vso\mcshield.exe

+ McTskshd.exe McAfee Task Scheduler (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mctskshd.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvsvc32.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Windows Publisher c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SvcProc File not found: C:\WINDOWS\svcproc.exe

+ Themes Provides user experience theme management. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ vsmon Monitors internet traffic and generates alerts for disallowed access. Check Point Software Technologies Inc. c:\windows\system32\zonelabs\vsmon.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wscsvc Monitors system security settings and configurations. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Windows Publisher c:\windows\system32\iedkcs32.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Internet Explorer Windows Setup API Microsoft Windows Publisher c:\windows\system32\setupapi.dll

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Windows Publisher c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Microsoft Web Publishing Wizard 1.52 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Microsoft Windows Media Player ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Media Player File not found: C:\WINDOWS\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Windows Publisher c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Windows Publisher c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Windows Publisher c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Windows Publisher c:\windows\system32\occache.dll

+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\roxio\easy cd creator 5\directcd\shellex.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Windows Publisher c:\windows\system32\syncui.dll

+ budispl.dll File not found: C:\WINDOWS\system32\budispl.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ cuusapi.dll File not found: C:\WINDOWS\system32\cuusapi.dll

+ Darwin App Publisher Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ dbmv2clt.dll File not found: C:\WINDOWS\system32\dbmv2clt.dll

+ Desktop Explorer NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ DfsShell Distributed File System shell extension Microsoft Windows Publisher c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Windows Publisher c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Windows Publisher c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Windows Publisher c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Windows Publisher c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Windows Publisher c:\windows\system32\deskperf.dll

+ dn16gt.dLL File not found: C:\WINDOWS\system32\dn16gt.dLL

+ Download Status Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Windows Publisher c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ ew.dll File not found: C:\WINDOWS\system32\ew.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Windows Publisher c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Windows Publisher c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Windows Publisher c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Windows Publisher c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ ggmf32.dll File not found: C:\WINDOWS\system32\ggmf32.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ guard.tmp File not found: C:\WINDOWS\system32\guard.tmp

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ HRL.DLL File not found: C:\WINDOWS\system32\HRL.DLL

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ hwtpapi.dll File not found: C:\WINDOWS\system32\hwtpapi.dll

+ HyperTerminal Icon Ext File not found: C:\WINDOWS\System32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ inign32.dll File not found: C:\WINDOWS\system32\inign32.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ it32_32.dll File not found: C:\WINDOWS\system32\it32_32.dll

+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll

+ ivencode.dll File not found: C:\WINDOWS\system32\ivencode.dll

+ jCvaee.dll File not found: C:\WINDOWS\system32\jCvaee.dll

+ jjdw400.dll File not found: C:\WINDOWS\system32\jjdw400.dll

+ kldit142.dll File not found: C:\WINDOWS\system32\kldit142.dll

+ kpddv.dll File not found: C:\WINDOWS\system32\kpddv.dll

+ kpdinmal.dll File not found: C:\WINDOWS\system32\kpdinmal.dll

+ kqdsmsfi.dll File not found: C:\WINDOWS\system32\kqdsmsfi.dll

+ kqduzb.dll c:\windows\system32\kqduzb.dll

+ ksdbe.dll c:\windows\system32\ksdbe.dll

+ kwdmaori.dll File not found: C:\WINDOWS\system32\kwdmaori.dll

+ lbkrn11n.dll File not found: C:\WINDOWS\system32\lbkrn11n.dll

+ lhrhelp.dll File not found: C:\WINDOWS\system32\lhrhelp.dll

+ mccsubs.dll File not found: C:\WINDOWS\system32\mccsubs.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Windows Publisher c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Windows Publisher c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office10\olkfstub.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\mmcshext.dll

+ mprating.dll c:\windows\system32\mprating.dll

+ mqls31.dll c:\windows\system32\mqls31.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Windows Publisher c:\windows\system32\mmsys.cpl

+ My Digital Camera CAMVIEW DLL (Not verified) FotoNation Inc. c:\program files\photodeluxe be 1.1\fotonation explorer\camview.dll

+ MyDocs Copy Hook My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ nptshell.dll File not found: C:\WINDOWS\system32\nptshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ odhlp30t.dll File not found: C:\WINDOWS\system32\odhlp30t.dll

+ Offline Files Folder Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ olbc32gt.dll File not found: C:\WINDOWS\system32\olbc32gt.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Windows Publisher c:\windows\system32\docprop.dll

+ piintui.dll c:\windows\system32\piintui.dll

+ Play on my TV helper NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Windows Publisher c:\windows\system32\themeui.dll

+ PostAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Windows Publisher c:\windows\system32\remotepg.dll

+ resauto.dll c:\windows\system32\resauto.dll

+ rMsapi32.dll File not found: C:\WINDOWS\system32\rMsapi32.dll

+ Run... Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ sgftpub.dll File not found: C:\WINDOWS\system32\sgftpub.dll

+ Shell Application Manager Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Windows Publisher c:\windows\system32\ntlanui2.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Windows Publisher c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Windows Publisher c:\windows\system32\shscrap.dll

+ sJfrslv.dll File not found: C:\WINDOWS\system32\sJfrslv.dll

+ Subscription Folder Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ supblb.dll File not found: C:\WINDOWS\system32\supblb.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ ttappcmp.dll File not found: C:\WINDOWS\system32\ttappcmp.dll

+ ughisapi.dll File not found: C:\WINDOWS\system32\ughisapi.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ utrv80a.dll c:\windows\system32\utrv80a.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Windows Publisher c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

+ wrninet.dll File not found: C:\WINDOWS\system32\wrninet.dll

+ wsaspi32.dll c:\windows\system32\wsaspi32.dll

+ wwbclnt.dll File not found: C:\WINDOWS\system32\wwbclnt.dll

+ zwpfldr.dll File not found: C:\WINDOWS\system32\zwpfldr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ McBrwHelper Class McAfee.com Privacy Service Browser Helper DLL c:\program files\mcafee.com\mps\mcbrhlpr.dll

+ {243B17DE-77C7-46BF-B94B-0B5F309A0E64} MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyside.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ McAfee VirusScan McAfee VirusScan Shell Extension Module (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ MoneySide MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyside.dll

+ Share in H&ello Hello addition to capture and send browser snapshots (Not verified) Picasa, Inc. c:\program files\hello\picasacapture.dll

+ Windows Messenger Windows Messenger Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe

Task Scheduler

+ RUTASK.job File not found: C:\WINDOWS\ru.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Windows Publisher c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Windows Publisher c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Windows Publisher c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Windows Publisher c:\windows\system32\comdlg32.dll

+ DllDirectory c:\windows\system32

+ gdi32 GDI Client DLL Microsoft Windows Publisher c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Windows Publisher c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Windows Publisher c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Windows Publisher c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Windows Publisher c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Windows Publisher c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Windows Publisher c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Windows Publisher c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Windows XP Publisher c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Windows Publisher c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Windows Publisher c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Offline Network Agent Microsoft Windows Publisher c:\windows\system32\cscdll.dll

+ MediaContentIndex c:\windows\system32\sflwid.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\EASYPH~1.SCR EasyPhoto Screen Saver (Not verified) Storm Technology, Inc. c:\windows\easyphoto slide show.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ McAfee.com Layered Provider mclsp (Not verified) McAfee.COM c:\windows\system32\mclsp.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{567EE01F-F28C-4150-861B-D2A65A751574}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{567EE01F-F28C-4150-861B-D2A65A751574}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64EA41B9-A1C0-43AD-86E4-915864B9F309}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64EA41B9-A1C0-43AD-86E4-915864B9F309}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0AB957A-45A2-4459-8FCF-FB13796F016C}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0AB957A-45A2-4459-8FCF-FB13796F016C}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
LoPhatPhuud
First:
Be sure all windows are closed
From the Desktop...
Start -> Run -> services.msc (press 'Enter')
Scroll down the list of services in the right hand pane
Look for Command Service
Double click on it
In the new dialog box that opens:
Under Service Status, press the 'Stop' button if not greyed out
Under Service Type, use the pulldown menu and change the type to 'Disabled'
Press OK.

Repeat the above steps for System Startup Service
Exit to the Desktop

Reboot in Normal Mode.

Second:
Open a Command Prompt Window (Start -> Run -> cmd)
Enter the following commands: (then press 'Enter')
sc stop cmdService
sc delete cmdService
sc stop SvcProc
sc delete SvcProc
exit


The Stop commands will most likely fail since you already stopped the services in the step above. It is being done here for safety.


Third:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Last:
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido: there should be an icon on your desktop; double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • If Ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Copy the contents of the Ewido log and post it in this thread.
-Kiara-
Sorry, I know it's probably frustrating dealing with someone that knows as little as I do, but could you pretty please explain this part?

Third:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


It's impressive and kinda hot and all, but means about as much to me as football stats.
LoPhatPhuud
Looks like I goofed and forgot to post the instructions.

Here is the missing info:

Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
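
The three entries picked out in the reply above share a pattern: a registry value that is blank, a search hook reported missing, or a registered component whose file is gone. As an added example (not part of the original post and not HijackThis code), the sketch below parses HijackThis-style lines and lists entries matching those three patterns for a human to review; the function names and the rules are assumptions made for illustration, and the sample lines are copied from the logs quoted in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\sflwid.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def classify(code, body):
    """Return a reason string when the entry matches one of the three
    patterns from the reply above, otherwise None.

    Assumed rules (illustrative only, not HijackThis's own logic):
      * the entry ends in "(no file)": the registered file is not on disk
      * an R0/R1 registry value is blank after the "="
      * an R3 line reports the default URLSearchHook as missing
    """
    if body.endswith("(no file)"):
        return "registered component has no file on disk"
    if code in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value == "":
            return "registry value is blank"
    if code == "R3" and body.endswith("is missing"):
        return "default search hook is missing"
    return None


def triage(text):
    """Return (code, body, reason) for entries a helper should look at first."""
    flagged = []
    for code, body in parse_entries(text):
        reason = classify(code, body)
        if reason is not None:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```

Entries that point at a file that exists, such as the O20 and O23 lines in the sample, are not flagged by these rules and still need to be judged by someone who can check the file itself.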
-Kiara-
So I want to do the first three steps in safe mode? Unless the stuff doesn't show up in Hijackthis while in safemode?
LoPhatPhuud
Follow the steps as written. None are done in Safe mode! A reboot, to normal mode, is needed after Step 1.
-Kiara-
second hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 5:59:44 PM, on 09/04/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\sflwid.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe




Ewido report


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:09:33 PM, 09/04/05
+ Report-Checksum: 71F190B0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75D2080B-4857-4B96-9B7D-732634FBD01F} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{832BEBED-C3DA-4534-A2C2-B2FFF220C820} -> Spyware.Hijacker.Generic : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C109664B-CEB1-420B-B353-D55A561536DD} -> Spyware.AdShooter : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1124251606-1385679030-2457923278-1007\Software\Mvu -> Spyware.Delfin : Cleaned with backup
[712] C:\WINDOWS\system32\sflwid.dll -> Spyware.Look2Me : Error during cleaning
[1500] C:\WINDOWS\system32\hnzlnt04.dll -> Spyware.Look2Me : Error during cleaning
:mozilla.7:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Alexandra Emsley\Application Data\Mozilla\Firefox\Profiles\aym8ximx.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@bookspan.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@e-2dj6wjkygidzggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@e-2dj6wjliumazogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@e-2dj6wjmyslazkhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Cookies\alexandra emsley@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@ehg-apollogroup.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@sento.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temp\Cookies\alexandra emsley@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temporary Internet Files\Content.IE5\ODAJCL27\upd209[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Alexandra Emsley\Local Settings\Temporary Internet Files\Content.IE5\ODAJCL27\upd209[2].exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@a.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@ehg-apollogroup.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@ehg-bestbuy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\WINDOWS\Temp\Cookies\alexandra emsley@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\upd209.exe -> Spyware.Look2Me : Cleaned with backup


::Report End
Mosaic1
LoPhatPhuud isn't here at the moment. You have an L2M infection, though, which needs addressing. I'll get you started on it.


Download L2mfix from one of these links:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop. Double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into your next reply here.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
-Kiara-
Thank you Mosaic :)


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\sflwid.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AB360335-AD1E-32F0-F8A4-EBA85AEA7EB0}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{C56C4E21-706D-11d0-AFC5-444553540002}"="My Digital Camera"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{65DA50E7-1F63-481F-88F0-C3430D164147}"=""
"{A03E5A9C-5A3D-47F5-AA6B-4ECAFAEE7BD7}"=""
"{F6EFE6E8-63FC-4605-9236-7406503FAD76}"=""
"{B1266960-ADA1-4C4D-855C-911BF9004EE5}"=""
"{2DF60049-5E4B-4BA4-98AD-DED280D5BE18}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{7FD99644-2762-4E9C-BF63-CF126FA4B87C}"=""
"{43274D13-2781-4F2A-83B5-DD463F07EFE1}"=""
"{C31ADBD1-A81A-4159-AF99-900000DA04AE}"=""
"{E2A3A83D-250E-4B8D-8D61-91F3F2878BEE}"=""
"{BA5856FC-301B-4B7B-A6DC-89F3F269540F}"=""
"{E76AC4FA-977F-4CD7-AC7E-60896013C9E7}"=""
"{49E2AC19-9A0B-4463-B5F4-A4135E6ABC94}"=""
"{2DEE8576-E05F-4994-BE8D-A74C4BE89C3A}"=""
"{BA6A239A-3C9F-4A3D-9C2E-580B41B58A7B}"=""
"{29D7FB6B-4D57-46C2-AB5C-4D0B2D9BAD7C}"=""
"{FBD53DA3-EA8F-4F29-934E-823703F88E05}"=""
"{3A505464-BC1E-4645-AD79-82206B53B087}"=""
"{80206795-059C-4F91-9DBD-209DAB479C4F}"=""
"{A455F89F-096D-496E-9072-7881B6F52AC4}"=""
"{D657EF45-84D7-4DB7-A52F-4292C9F11757}"=""
"{4883711C-7D39-4637-82CC-14358F09F3D3}"=""
"{3538303F-0399-434A-9520-8E61BF4C4B70}"=""
"{06A1927C-9ABA-44B9-B1FE-41240F3DDCD1}"=""
"{16F921FA-893A-41E6-82EB-983413656208}"=""
"{07DF1C56-193F-4778-95A8-7D0589871248}"=""
"{D6727653-942C-44F8-A08E-7FA0E8153CFE}"=""
"{B071A2A0-F1F3-44F4-A304-52184EC54BDC}"=""
"{C12CAECC-1A86-428D-93FB-1E8577346EF2}"=""
"{FF9FBE9E-6782-4A5A-BA2C-EFACC83FE162}"=""
"{8913DF23-069B-4CC1-8EAE-FB21B8CF47B9}"=""
"{E9EB4CDC-9E79-4D69-B381-C7FF4B8A9994}"=""
"{ED02828A-2642-4195-9C73-B9E3F14F1E02}"=""
"{0A64AED3-9BB7-47BE-8966-09F29840D32B}"=""
"{E242E0DC-A42A-470B-8443-C4F798139903}"=""
"{71A56B63-01BE-4283-A133-2AD8B14F99B8}"=""
"{C2F70889-60EB-45A8-A289-23912ADD3274}"=""
"{35B4201B-3A04-4209-8AD3-9F5D33C276A5}"=""
"{764F02CF-CD88-4630-A910-BCB34B25036B}"=""
"{25630985-146B-471A-83BA-C525BA121C16}"=""
"{CB71E2AA-4093-46CE-B824-F4ED03B913E9}"=""
"{78929651-FD86-43E3-93E8-AEEFD0B925A7}"=""
"{7E4B7777-93CB-499E-A710-9156E47A7A67}"=""
"{D5642B1E-B4AE-456C-9823-81EBF0374095}"=""
"{0F863F35-AB97-45A3-84D5-0F4C370B2120}"=""
"{32893082-8D91-4565-9860-FC6961D7BD71}"=""
"{F1918BEB-EFA2-4916-A791-0D57C5B6CCFF}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 24A4-F0A1

Directory of C:\WINDOWS\System32

09/04/05 05:51 PM 417,792 hnzlnt04.dll
08/23/05 10:43 PM <DIR> DLLCACHE
08/23/05 01:47 PM 417,792 sflwid.dll
08/25/03 09:43 AM <DIR> Microsoft
2 File(s) 835,584 bytes
2 Dir(s) 40,230,297,600 bytes free
LoPhatPhuud
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.


IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
-Kiara-
Thank you again for all your help.

l2mfix log

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peaco*k@beyondlogic.org
Killing PID 1588 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peaco*k@beyondlogic.org
Killing PID 1600 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 72%)
adding: SystemInfo.ini (188 bytes security) (deflated 3%)
adding: DVDPATH.TXT (188 bytes security) (deflated 9%)
adding: ezsetuplog.txt (188 bytes security) (stored 0%)
adding: lo2.txt (188 bytes security) (deflated 54%)
adding: nvlog.txt (128 bytes security) (stored 0%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (deflated 50%)
adding: test3.txt (188 bytes security) (deflated 50%)
adding: test5.txt (188 bytes security) (deflated 50%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 10:06:42 AM, on 09/05/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
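The Winlogon\Notify export earlier in this post writes some `DllName` values as `hex(2)` data, which hides the DLL name from a quick read. The following is an added example, not part of the original post or of any tool used in this thread: it decodes those values and lists any Notify subkey whose DLL is not in a baseline. The baseline holds only the DLL names visible in this thread (an assumption, not an authoritative list), and the `ExampleNotify` key is constructed.

```python
import re

# Sample export text. The first three keys are copied from the listing in this
# thread; "ExampleNotify" is a constructed entry added for the demonstration.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleNotify]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logon"="ExampleLogonEvent"
"""

NOTIFY_PREFIX = (r"hkey_local_machine\software\microsoft\windows nt"
                 r"\currentversion\winlogon\notify" + "\\")

# Assumption: baseline made only of the DLL names visible in this thread's
# listing. It is not an authoritative list of legitimate notification packages.
BASELINE = {"wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}


def join_continuations(text):
    """Merge hex value lines that end with a backslash into one logical line."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and (pending or "=hex" in line):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    if pending:
        logical.append(pending)
    return logical


def decode_value(raw):
    """Decode a quoted string or a hex(1)/hex(2) string value to text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    m = re.match(r"hex\(([0-9a-f]+)\):(.*)$", raw, re.I)
    if m and m.group(1) in ("1", "2"):  # REG_SZ / REG_EXPAND_SZ
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        # Heuristic: every second byte zero means UTF-16LE, otherwise ANSI.
        wide = len(data) % 2 == 0 and not any(data[1::2])
        return data.decode("utf-16-le" if wide else "latin-1").rstrip("\x00")
    return raw  # dword and other types are returned undecoded


def parse_notify(text):
    """Return {subkey: DllName or None} for each Winlogon Notify subkey."""
    result, current = {}, None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key, current = line[1:-1], None
            if key.lower().startswith(NOTIFY_PREFIX):
                current = key[len(NOTIFY_PREFIX):]
                result.setdefault(current, None)
        elif current and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            # Value names differ in case in the listing (DllName / DLLName).
            if m and m.group(1).lower() == "dllname":
                result[current] = decode_value(m.group(2))
    return result


def unexpected_notify_dlls(text, baseline=BASELINE):
    """List (subkey, dll) pairs whose DllName is not a bare baseline name.

    The whole value is compared, so a baseline file name given with a
    directory in front of it is also reported for review.
    """
    return [(subkey, dll)
            for subkey, dll in sorted(parse_notify(text).items())
            if (dll or "").lower() not in baseline]


if __name__ == "__main__":
    for subkey, dll in parse_notify(SAMPLE_REG).items():
        print(f"{subkey:15} {dll}")
    print("review:", unexpected_notify_dlls(SAMPLE_REG))
```
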
LoPhatPhuud
That looks much better. Now for another deep check...

Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
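A first pass over a saved Autoruns listing can be scripted before anyone reads it line by line. The following is an added example, not part of the original post and not an Autoruns feature: it parses the flattened text form in which the log appears in this thread and marks entries for review. The sample lines are copied from this thread's log, and the list of expected install directories is an assumption.

```python
import re

# Sample lines copied from the Autoruns log posted in this thread, in the
# flattened form the forum shows (the column separators were lost).
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DwlClient Support (Not verified) Dell c:\program files\common files\dell\eusw\support.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Yahoo! Pager c:\documents and settings\christie\messenger\ypager.exe

HKLM\System\CurrentControlSet\Services

+ w32time Maintains date and time synchronization on all clients and servers in the network.

Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Windows Media Player File not found: C:\WINDOWS\inf\unregmp2.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension File not found: deskpan.dll
"""

# A location header is a registry path or a folder path with no leading "+".
LOCATION = re.compile(r"^(?:HK(?:LM|CU|CR|U)\\|[A-Za-z]:\\)")
# The image path is taken as everything from the first drive letter onward.
IMAGE = re.compile(r"(?<![A-Za-z])([A-Za-z]:\\.+)$")
# Assumption: directories where installed software is expected on this
# Windows XP machine. Anything else is only marked for a closer look.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def classify(text):
    """Return (image_path_or_None, flags) for one entry's text."""
    m = IMAGE.search(text)
    image = m.group(1).lower() if m else None
    flags = []
    if "File not found:" in text:
        flags.append("file-not-found")       # autostart points at nothing
    elif image is None:
        flags.append("no-image-path")
    if "(Not verified)" in text:
        flags.append("not-verified")         # signature did not verify
    elif image and "file-not-found" not in flags \
            and not image.startswith(EXPECTED_DIRS):
        flags.append("outside-expected-dirs")
    return image, flags


def parse_autoruns(text):
    """Parse the flattened listing into entry dicts, rejoining wrapped lines."""
    entries, location, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("+ "):
            current = {"location": location, "text": line[2:]}
            entries.append(current)
        elif LOCATION.match(line):
            location, current = line, None
        elif current is not None:
            # Entry wrapped across lines: the rest belongs to the last entry.
            current["text"] += " " + line
    for entry in entries:
        entry["image"], entry["flags"] = classify(entry["text"])
    return entries


def triage(text):
    """Return only the entries that carry at least one review flag."""
    return [e for e in parse_autoruns(text) if e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(", ".join(e["flags"]), "|", e["location"], "|", e["text"])
```

A flag here is a prompt to look closer, not a verdict: plenty of legitimate vendor files in a listing like this one are unsigned.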
-Kiara-
Well you guys have done SOMETHING wonderful. I haven't had pop ups all day nor has the computer mock rebooted :) Here's the Autoruns log.


HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Windows Publisher c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Windows Publisher c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DwlClient Support (Not verified) Dell c:\program files\common files\dell\eusw\support.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe

+ MCAgentExe McAfee SecurityCenter Agent (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcagent.exe

+ MCUpdateExe McAfee SecurityCenter Update Engine (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcupdate.exe

+ NvCplDaemon NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ OASClnt McAfee VirusScan OAS Client (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\oasclnt.exe

+ QOELOADER QOELoader Application (Not verified) Qurb, Inc. c:\program files\ca\etrust ez armor\etrust ez anti-spam\qsp-2.1.212.0\qoeloader.exe

+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ VirusScan Online McAfee VirusScan ActiveShield Resource (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshld.exe

+ VSOCheckTask McAfee VirusScan Command Handler (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcmnhdlr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\Alexandra Emsley\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MsnMsgr MSN Messenger (Not verified) Microsoft Corporation c:\program files\msn messenger\msnmsgr.exe

+ PopUpStopperFreeEdition Pop-Up Stopper Free Edition (Not verified) Panicware, Inc. c:\program files\panicware\pop-up stopper free edition\psfree.exe

+ Yahoo! Pager c:\documents and settings\christie\messenger\ypager.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Avg7Alrt AVG Alert Manager (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgamsvr.exe

+ Avg7UpdSvc AVG Update Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgupsvc.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ CiSvc Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Windows Publisher c:\windows\system32\cisvc.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Windows Publisher c:\windows\system32\services.exe

+ ewido security suite control ewido control (Not verified) ewido networks c:\ewido\security suite\ewidoctrl.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ McDetect.exe McAfee WSC Integration Service (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mcdetect.exe

+ McShield On-Access Scanner service (Not verified) McAfee Inc. c:\program files\mcafee.com\vso\mcshield.exe

+ McTskshd.exe McAfee Task Scheduler (Not verified) McAfee, Inc c:\program files\mcafee.com\agent\mctskshd.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvsvc32.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Windows Publisher c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Themes Provides user experience theme management. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ vsmon Monitors internet traffic and generates alerts for disallowed access. Check Point Software Technologies Inc. c:\windows\system32\zonelabs\vsmon.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wscsvc Monitors system security settings and configurations. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Windows Publisher c:\windows\system32\iedkcs32.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Internet Explorer Windows Setup API Microsoft Windows Publisher c:\windows\system32\setupapi.dll

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Windows Publisher c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Microsoft Web Publishing Wizard 1.52 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Microsoft Windows Media Player ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Media Player File not found: C:\WINDOWS\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Windows Publisher c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guard c:\ewido\security suite\shellhook.dll

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Windows Publisher c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Windows Publisher c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Windows Publisher c:\windows\system32\occache.dll

+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\roxio\easy cd creator 5\directcd\shellex.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Windows Publisher c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Desktop Explorer NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ DfsShell Distributed File System shell extension Microsoft Windows Publisher c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Windows Publisher c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Windows Publisher c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Windows Publisher c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Windows Publisher c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Windows Publisher c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Windows Publisher c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Windows Publisher c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Windows Publisher c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Windows Publisher c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Windows Publisher c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext File not found: C:\WINDOWS\System32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Windows Publisher c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Windows Publisher c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office10\olkfstub.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Windows Publisher c:\windows\system32\mmsys.cpl

+ My Digital Camera CAMVIEW DLL (Not verified) FotoNation Inc. c:\program files\photodeluxe be 1.1\fotonation explorer\camview.dll

+ MyDocs Copy Hook My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 67.42 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Offline Files Folder Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Windows Publisher c:\windows\system32\docprop.dll

+ Play on my TV helper NVIDIA Display Properties Extension Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\nvcpl.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Windows Publisher c:\windows\system32\themeui.dll

+ PostAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Windows Publisher c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Windows Publisher c:\windows\system32\ntlanui2.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Windows Publisher c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Windows Publisher c:\windows\system32\shscrap.dll

+ Subscription Folder Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Windows Publisher c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Publisher c:\windows\system32\wmpshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ McBrwHelper Class McAfee.com Privacy Service Browser Helper DLL c:\program files\mcafee.com\mps\mcbrhlpr.dll

+ {243B17DE-77C7-46BF-B94B-0B5F309A0E64} MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyside.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ McAfee VirusScan McAfee VirusScan Shell Extension Module (Not verified) McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ MoneySide MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyside.dll

+ Share in H&ello Hello addition to capture and send browser snapshots (Not verified) Picasa, Inc. c:\program files\hello\picasacapture.dll

+ Windows Messenger Windows Messenger Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe

+ Yahoo! Messenger c:\documents and settings\christie\messenger\ypager.exe

Task Scheduler

+ RUTASK.job File not found: C:\WINDOWS\ru.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Windows Publisher c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Windows Publisher c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Windows Publisher c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Windows Publisher c:\windows\system32\comdlg32.dll

+ DllDirectory c:\windows\system32

+ gdi32 GDI Client DLL Microsoft Windows Publisher c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Windows Publisher c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Windows Publisher c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Windows Publisher c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Windows Publisher c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Windows Publisher c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Windows Publisher c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Windows Publisher c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Windows XP Publisher c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Windows Publisher c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Windows Publisher c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Offline Network Agent Microsoft Windows Publisher c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ wzcnotif Wireless Zero Configuration Service UI Microsoft Windows Publisher c:\windows\system32\wzcdlg.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\EASYPH~1.SCR EasyPhoto Screen Saver (Not verified) Storm Technology, Inc. c:\windows\easyphoto slide show.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ McAfee.com Layered Provider mclsp (Not verified) McAfee.COM c:\windows\system32\mclsp.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{567EE01F-F28C-4150-861B-D2A65A751574}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{567EE01F-F28C-4150-861B-D2A65A751574}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64EA41B9-A1C0-43AD-86E4-915864B9F309}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64EA41B9-A1C0-43AD-86E4-915864B9F309}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0AB957A-45A2-4459-8FCF-FB13796F016C}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D0AB957A-45A2-4459-8FCF-FB13796F016C}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
LoPhatPhuud
Looks good. All nice and clean...


At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.
a. Windows Update: http://windowsupdate.microsoft.com/

If you have Word, Excel, Outlook or other Office programs installed, consider using Microsoft Update instead of Windows Update. See the FAQ page here for more information: http://update.microsoft.com/microsoftupdat...t.aspx?ln=en-us

Also, download and install Microsoft Baseline Analyzer. (Note that MBSA is only for Win 2000 SP3 or later and Office XP or later.) When run, it will check your system for security exposures, including missing updates. I suggest running it weekly. You can obtain more information here: http://www.microsoft.com/technet/security/...s/mbsahome.mspx


2. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
All other options accept the default

For Windows XP SP2 users, check this link for additional steps you can take to secure Internet Explorer: http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
Also, for SP2 and IE users, in IE, Tools -> Manage Add-ons will give you a list of all BHOs, Extensions, and ActiveX modules installed on your computer. You can update, enable or disable them.

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm
c. BHODemon: http://www.definitivesolutions.com/bhodemon.htm

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing one (or more) of the following:
a. Microsoft AntiSpyware: http://www.microsoft.com/athome/security/s...re/default.mspx
NOTE: MS AntiSpyware only runs on Windows 2000, XP, and 2003.
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
c. AdAware Personal: http://www.lavasoft.de/
d. CounterSpy: http://www.sunbelt-software.com/ (not free but well worth the $19.95)

Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend a combination of Microsoft Spyware and TeaTimer from Spybot S&D.

If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

5. Install 'Spoofstick'
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com/spoofstick

6. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information.

7. Clean Temporary Files and Folders
Download and install the disk cleanup utility called Cleanup! from here:
http://cleanup.stevengould.org/
http://www.hijackthislogs.com/dl/CleanUp312.exe

Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/forums/tutorial93.html

Run the disk cleanup utility called Cleanup! that you have already downloaded and installed.
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.

8. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

9. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

10. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
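
A first pass over an Autoruns text export like the one posted above can be scripted. The following is an added example, not part of the original thread and not the helper's own method: it walks the flattened "+ name description publisher path" lines under each location header and lists entries worth a closer look. The sample log, the reason labels and the expected-root rule are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the flattened layout of the log above.
# Entry names, publishers and paths are invented placeholders.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ExampleHelper Class Example IE Helper (Not verified) Example Corp c:\program files\example\helper.dll
+ SignedHelper Class Signed IE Helper Example Signed Publisher c:\windows\system32\signedhelper.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Example Messenger c:\documents and settings\exampleuser\messenger\pager.exe
Task Scheduler
+ EXAMPLE.job File not found: C:\WINDOWS\example.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
"""

DRIVE_PATH = re.compile(r"[A-Za-z]:\\")
# Assumption: a default install, where autostart binaries normally sit
# under the Windows or Program Files tree of some drive.
EXPECTED_ROOT = re.compile(r"^[a-z]:\\(windows|program files)(\\|$)")
MISSING = "File not found:"
UNVERIFIED = "(Not verified)"


@dataclass
class Finding:
    location: str            # registry key or "Task Scheduler" header
    entry: str               # the entry line without its leading "+ "
    path: Optional[str]      # image path, if one could be recovered
    reasons: List[str] = field(default_factory=list)


def image_path(text: str) -> Optional[str]:
    """Return the last drive-letter path on the line, or None.

    The last match is used because some entries begin with a short 8.3
    path and end with the long path of the same file.
    """
    starts = [m.start() for m in DRIVE_PATH.finditer(text)]
    return text[starts[-1]:].strip() if starts else None


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve manual review, in log order."""
    findings: List[Finding] = []
    location = "(no location header seen)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line          # a new autostart location begins
            continue
        text = line[2:]
        reasons: List[str] = []
        if MISSING in text:
            # The autostart entry still exists but its target is gone.
            path = text.split(MISSING, 1)[1].strip()
            reasons.append("file-not-found")
        else:
            path = image_path(text)
            if UNVERIFIED in text:
                reasons.append("unverified-signature")
            if path and not EXPECTED_ROOT.match(path.lower()):
                reasons.append("unusual-location")
        if reasons:
            findings.append(Finding(location, text, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f.reasons):22} {f.path}\n    under {f.location}")
```

A flag here is a prompt to look at the entry, not a verdict: the log above carries "(Not verified)" on ordinary vendor software such as the NVIDIA shell extensions and was still judged clean.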