
Thread: Can't download/install/run any anti virus...

  1. #11
    Junior Member
    Join Date: Jan 2007
    Posts: 25

    McAfee's installed!!

    Quick question...I had my USB drives disconnected during the Kaspersky scan. Should I run the Kasp. scan again with them connected or will McAfee suffice?

  2. #12
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934

    Ok good

    Any issues with the PC?

    No need for a rerun with Kaspersky, but I recommend that you run a full scan with McAfee.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #13
    Junior Member
    Join Date: Jan 2007
    Posts: 25

    Yeah one thing...

    The explorer/task bar does the "toggle" as mentioned earlier and then the PC freezes. I have no idea what causes this?!?!?

    FYI...I thought it may have had something to do with the new IE7, however, I just downloaded Firefox ver. 2.0 yesterday and the PC did it again today.

  4. #14
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934

    Ok so still freezes...

    Let's do a little more research.

    Make a new folder on the C:\ drive called silentrunners.
    Download "Silent Runners" from here (direct download):
    http://www.silentrunners.org/Silent%20Runners.vbs
    Save it to your silentrunners folder.

    Click Start > Run, type cmd and hit Enter.
    Type the following exactly and hit Enter after each line.
    cd c:\silentrunners and hit Enter
    "silent runners.vbs" -all and hit Enter

    Wait until it pops up saying it's completed, then post the resulting logfile here.
    It will be very large. You may need several posts to include everything.

  5. #15
    Junior Member
    Join Date: Jan 2007
    Posts: 25

    Post #1

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output of all locations checked and all values found.


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    "Sunkist2k" = ""C:\Program Files\Multimedia Card Reader\shwicon2k.exe"" ["Alcor Micro, Corp."]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
    "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
    "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Windows Media Player"
    \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\4979\SiteAdv.dll" ["McAfee, Inc."]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! IE Services Button"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
    -> {HKLM...CLSID} = "scriptproxy"
    \InProcServer32\(Default) = "c:\program files\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

  6. #16
    Junior Member
    Join Date: Jan 2007
    Posts: 25

    Post #2


  7. #17
    Junior Member
    Join Date: Jan 2007
    Posts: 25

    Post #3

    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
    -> {HKLM...CLSID} = "Cabinet File"
    \InProcServer32\(Default) = "cabview.dll" [MS]
    "{32714800-2E5F-11d0-8B85-00AA0044F941}" = "For &People..."
    -> {HKLM...CLSID} = "For &People..."
    \InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [MS]
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Burn Audio CD Context Menu Handler"
    -> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Play as Playlist Context Menu Handler"
    -> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
    -> {HKLM...CLSID} = "WMP Add To Playlist Launcher"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}" = "Fusion Cache"
    -> {HKLM...CLSID} = "Fusion Cache"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {HKLM...CLSID} = "RecordNow! SendToExt"
    \InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = "Web Folders"
    -> {HKLM...CLSID} = "Web Folders"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL" [MS]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
    -> {HKLM...CLSID} = "SampleView"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
    -> {HKLM...CLSID} = "Set Program Access and Defaults"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
    -> {HKLM...CLSID} = "Previous Versions Property Page"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [MS]
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
    -> {HKLM...CLSID} = "Previous Versions"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [MS]
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
    -> {HKLM...CLSID} = "Extensions Manager Folder"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\extmgr.dll" [MS]
    "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
    -> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll" ["Roxio"]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}" = "iolo Context Defrag"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\SYSTEM~1\CONTEX~1.DLL" ["iolo technologies, LLC"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "My Sharing Folders"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
    "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" = "IE Microsoft BrowserBand"
    -> {HKLM...CLSID} = "IE Microsoft BrowserBand"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" = "IE Fade Task"
    -> {HKLM...CLSID} = "IE Fade Task"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{205D7A97-F16D-4691-86EF-F3075DCCA57D}" = "IE Menu Desk Bar"
    -> {HKLM...CLSID} = "IE Menu Desk Bar"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE AutoComplete"
    -> {HKLM...CLSID} = "IE AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{43886CD5-6529-41c4-A707-7B3C92C05E68}" = "IE Navigation Bar"
    -> {HKLM...CLSID} = "IE Navigation Bar"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{44C76ECD-F7FA-411c-9929-1B77BA77F524}" = "IE Menu Site"
    -> {HKLM...CLSID} = "IE Menu Site"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{4B78D326-D922-44f9-AF2A-07805C2A3560}" = "IE Menu Band"
    -> {HKLM...CLSID} = "IE Menu Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" = "IE Microsoft History AutoComplete List"
    -> {HKLM...CLSID} = "IE Microsoft History AutoComplete List"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" = "IE Tracking Shell Menu"
    -> {HKLM...CLSID} = "IE Tracking Shell Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{6CF48EF8-44CD-45d2-8832-A16EA016311B}" = "IE IShellFolderBand"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{73CFD649-CD48-4fd8-A272-2070EA56526B}" = "IE BandProxy"
    -> {HKLM...CLSID} = "IE BandProxy"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" = "IE MRU AutoComplete List"
    -> {HKLM...CLSID} = "IE MRU AutoComplete List"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}" = "IE RSS Feeder Folder"
    -> {HKLM...CLSID} = "IE RSS Feeds Folder"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" = "IE Microsoft Shell Folder AutoComplete List"
    -> {HKLM...CLSID} = "IE Microsoft Shell Folder AutoComplete List"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{B31C5FAE-961F-415b-BAF0-E697A5178B94}" = "IE Microsoft Multiple AutoComplete List Container"
    -> {HKLM...CLSID} = "IE Microsoft Multiple AutoComplete List Container"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" = "Microsoft Browser Architecture"
    -> {HKLM...CLSID} = "Microsoft Browser Architecture"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" = "IE Shell Rebar BandSite"
    -> {HKLM...CLSID} = "IE Shell Rebar BandSite"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{E6EE9AAC-F76B-4947-8260-A9F136138E11}" = "IE Shell Band Site Menu"
    -> {HKLM...CLSID} = "IE Shell Band Site Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{F2CF5485-4E02-4f68-819C-B92DE9277049}" = "&Links"
    -> {HKLM...CLSID} = "&Links"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" = "IE Registry Tree Options Utility"
    -> {HKLM...CLSID} = "IE Registry Tree Options Utility"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" = "IE User Assist"
    -> {HKLM...CLSID} = "IE User Assist"

  8. #18
    Junior Member
    Join Date
    Jan 2007
    Posts
    25

    Default

    Post #4 (FINAL LOG)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" = "IE Custom MRU AutoCompleted List"
    -> {HKLM...CLSID} = "IE Custom MRU AutoCompleted List"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
    -> {HKLM...CLSID} = "Portable Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
    -> {HKLM...CLSID} = "Portable Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
    -> {HKLM...CLSID} = "Browseui preloader"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
    -> {HKLM...CLSID} = "Component Categories cache daemon"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)
    -> {HKLM...CLSID} = "URL Exec Hook"
    \InProcServer32\(Default) = "shell32.dll" [MS]

    HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
    -> {HKLM...CLSID} = "PostBootReminder object"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    -> {HKLM...CLSID} = "ShellFolder for CD Burning"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    -> {HKLM...CLSID} = "WebCheck"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
    "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    -> {HKLM...CLSID} = "SysTray"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKCU\Software\Microsoft\Command Processor\
    "AutoRun" = (value not found)

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    "Shell" = (value not found)

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    "load" = (value not found)
    "run" = (value not found)

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "Shell" = (value not found)

    HKLM\Software\Microsoft\Command Processor\
    "AutoRun" = (empty string)

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    "AppInit_DLLs" = (empty string)

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    "GinaDLL" = (value not found)
    "Shell" = "Explorer.exe" [MS]
    "Taskman" = (value not found)
    "Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
    "System" = (empty string)

    HKLM\System\CurrentControlSet\Control\SafeBoot\Option\
    "UseAlternateShell" = (value not found)

    HKLM\System\CurrentControlSet\Control\SecurityProviders\
    "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"smrgdf C:\Program Files\iolo\System Mechanic 5\" [file not found]|"SsiEfr.e" [file not found]

    HKLM\System\CurrentControlSet\Control\WOW\
    "cmdline" = "C:\WINDOWS\system32\ntvdm.exe" [MS]
    "wowcmdline" = "C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    crypt32chain\DLLName = "crypt32.dll" [MS]
    cryptnet\DLLName = "cryptnet.dll" [MS]
    cscdll\DLLName = "cscdll.dll" [MS]
    <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
    ScCertProp\DLLName = "wlnotify.dll" [MS]
    Schedule\DLLName = "wlnotify.dll" [MS]
    sclgntfy\DLLName = "sclgntfy.dll" [MS]
    SensLogn\DLLName = "WlNotify.dll" [MS]
    termsrv\DLLName = "wlnotify.dll" [MS]
    WgaLogon\DLLName = "WgaLogon.dll" [MS]
    wlballoon\DLLName = "wlnotify.dll" [MS]
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
    Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\

    HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\

    HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\

    HKLM\Software\Classes\PROTOCOLS\Filter\
    application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
    -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
    \InProcServer32\(Default) = "mscoree.dll" [MS]
    application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
    -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
    \InProcServer32\(Default) = "mscoree.dll" [MS]
    application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
    -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
    \InProcServer32\(Default) = "mscoree.dll" [MS]
    Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
    -> {HKLM...CLSID} = "AP Class Install Handler filter"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {HKLM...CLSID} = "AP encoding/decoding Filters"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {HKLM...CLSID} = "AP encoding/decoding Filters"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
    -> {HKLM...CLSID} = "AP encoding/decoding Filters"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
    text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
    -> {HKLM...CLSID} = "WebView MIME Filter"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    {24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    {24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    {66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
    -> {HKLM...CLSID} = "McVSRightclickScanner Class"
    \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {HKLM...CLSID} = "Offline Files Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
    -> {HKLM...CLSID} = "Open With Context Menu Handler"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {HKLM...CLSID} = "Encryption Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\SYSTEM~1\CONTEX~1.DLL" ["iolo technologies, LLC"]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
    -> {HKLM...CLSID} = "Encryption Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
    Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
    -> {HKLM...CLSID} = "Offline Files Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
    Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
    -> {HKLM...CLSID} = "Shell extensions for sharing"
    \InProcServer32\(Default) = "ntshrui.dll" [MS]
    SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\SYSTEM~1\CONTEX~1.DLL" ["iolo technologies, LLC"]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
    -> {HKLM...CLSID} = "McVSRightclickScanner Class"
    \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"
    -> {HKLM...CLSID} = "Microsoft SendTo Service"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]


    Default executables:
    --------------------

    HKLM\Software\Classes\.bat\(Default) = "batfile"
    HKLM\Software\Classes\batfile\shell\open\command\(Default) = ""%1" %*"

    HKLM\Software\Classes\.cmd\(Default) = "cmdfile"
    HKLM\Software\Classes\cmdfile\shell\open\command\(Default) = ""%1" %*"

    HKLM\Software\Classes\.com\(Default) = "comfile"
    HKLM\Software\Classes\comfile\shell\open\command\(Default) = ""%1" %*"

    HKLM\Software\Classes\.exe\(Default) = "exefile"
    HKLM\Software\Classes\exefile\shell\open\command\(Default) = ""%1" %*"

    HKLM\Software\Classes\.hta\(Default) = "htafile"
    HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*"

    HKLM\Software\Classes\.pif\(Default) = "piffile"
    HKLM\Software\Classes\piffile\shell\open\command\(Default) = ""%1" %*"

    HKLM\Software\Classes\.scr\(Default) = "scrfile"
    HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S"


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091
    {Turn off Autoplay}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Download\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Download\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Main\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Main\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\

    HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\

    HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\

    HKCU\Software\Policies\Microsoft\Internet Explorer\Security\

    HKLM\Software\Policies\Microsoft\Internet Explorer\Security\

    HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

    HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

    HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

    HKCU\Software\Policies\Microsoft\Windows\Network Connections\

    HKCU\Software\Policies\Microsoft\Windows\System\

    HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

    HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "dontdisplaylastusername" = (REG_DWORD) hex:0x00000000
    {Interactive logon: Do not display last user name}

    "legalnoticetext" = (REG_SZ) (empty string)
    {Interactive logon: Message text for users attempting to log on}

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

  9. #19
    Junior Member
    Join Date
    Jan 2007
    Posts
    25

    Default

    NOTE:

    The "silentrunners" link you provided didn't execute as per your instructions. So I went to their website, downloaded a .zip file, extracted the file into the "silentrunners" folder and ran it that way. Not sure if this would affect the results or not?!?!

  10. #20
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi

    A little more research...

    Please run a GMER Rootkit scan:

    Download GMER's application from here:
    http://www.majorgeeks.com/GMER_d5198.html

    Unzip it and start GMER.exe.
    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.
    This will copy the results to your clipboard.
    Paste the results in your next reply.

    Warning! Please do not select the "Show all" checkbox during the scan.
