Please help get rid of smitfraud remnants

Hi ok...

And to what have you tried to change your wallpaper ? Try some of the default ones.

Please download WinPFind2.
  • Extract the files to a folder(eg: C:\WinPFind2).
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab(this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When its finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to(C:\WinPFind2\WinPFind2.txt)
  • Post the log in your next reply please. You may need to split the log over a couple posts so that it doesn't get cut off. If so please use the [Start Post #1] and [Start Post #2] deliminators in the log to split the log up.
 
Last edited:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 22/12/2006 9:27:02 μμ
WinPFind v1.5.0 Folder = C:\DOCUME~1\adminX2\LOCALS~1\Temp\Rar$EX17.281\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 18/12/2006 8:30:16 πμ 731028 C:\SmitfraudFix.exe ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 22/9/2005 6:30:48 μμ 18776064 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
aspack 18/3/2005 5:19:58 μμ 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 26/5/2005 3:34:52 μμ 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22/7/2005 7:59:04 μμ 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 5/12/2005 6:09:18 μμ 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 3/2/2006 8:43:16 πμ 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 31/3/2006 12:40:58 μμ 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
aspack 28/9/2006 4:05:20 μμ 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll (Microsoft Corporation)
PEC2 17/4/2003 2:00:00 μμ 41164 C:\WINDOWS\SYSTEM32\dfrg.msc ()
aspack 3/5/2006 3:30:06 μμ 1212928 C:\WINDOWS\SYSTEM32\Incinerator.dll ()
PEC2 26/4/2006 5:58:48 μμ 60156 C:\WINDOWS\SYSTEM32\jspWinNm.DLL ()
PEC2 26/4/2006 5:58:48 μμ 35992 C:\WINDOWS\SYSTEM32\jspWinRnia.DLL ()
PTech 17/5/2006 10:23:38 πμ 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 7/12/2006 3:13:46 μμ 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 7/12/2006 3:13:46 μμ 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 4/9/2004 5:45:24 πμ 1250816 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 4/9/2004 5:44:54 πμ 744448 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 4/9/2004 5:45:26 πμ 263168 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 30/4/2004 7:46:24 μμ 28672 C:\WINDOWS\SYSTEM32\qtalt.ax (Cyberlink)
Umonitor 4/9/2004 5:45:12 πμ 687104 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 26/3/2004 2:32:36 μμ 116224 C:\WINDOWS\SYSTEM32\rmalt.ax (Gabest)
winsync 17/4/2003 2:00:00 μμ 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 18/10/2006 9:47:20 μμ 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 18/10/2006 9:47:20 μμ 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 3/8/2004 9:41:38 μμ 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
22/12/2006 7:48:08 μμ S 2048 C:\WINDOWS\bootstat.dat ()
23/11/2006 1:55:18 μμ H 54156 C:\WINDOWS\QTFont.qfn ()
21/12/2006 2:38:04 μμ HS 5120 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db ()
25/10/2006 1:32:46 μμ RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
25/10/2006 1:32:46 μμ RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
25/10/2006 9:56:14 μμ RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
25/10/2006 9:56:18 μμ RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
22/12/2006 7:48:12 μμ S 64 C:\WINDOWS\CSC\00000001 ()
21/12/2006 12:31:52 μμ S 64 C:\WINDOWS\CSC\00000002 ()
13/12/2006 10:48:32 πμ S 64 C:\WINDOWS\CSC\csc1.tmp ()
13/12/2006 6:51:36 μμ H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ef348e0b99ce18685938c0f5f94eccd6\BIT7.tmp ()
22/12/2006 7:50:56 μμ H 51730 C:\WINDOWS\system32\vsconfig.xml ()
8/11/2006 7:23:54 πμ S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
28/11/2006 8:45:34 μμ S 7868 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem32.CAT ()
28/11/2006 8:46:04 μμ S 17082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem33.CAT ()
28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem34.CAT ()
28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem35.CAT ()
28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem36.CAT ()
2/11/2006 11:54:58 πμ S 34696 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat ()
2/11/2006 12:13:58 μμ S 27554 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat ()
22/12/2006 9:30:38 μμ H 1024 C:\WINDOWS\system32\config\default.LOG ()
22/12/2006 7:48:26 μμ H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
22/12/2006 7:50:48 μμ H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
22/12/2006 9:30:48 μμ H 1024 C:\WINDOWS\system32\config\software.LOG ()
22/12/2006 9:23:34 μμ H 1024 C:\WINDOWS\system32\config\system.LOG ()
18/12/2006 5:57:20 μμ H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
19/11/2006 10:14:20 μμ S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
21/12/2006 1:25:40 μμ S 44083 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
21/12/2006 2:29:48 μμ S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
19/11/2006 10:14:20 μμ S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
21/12/2006 1:25:40 μμ S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
21/12/2006 2:29:48 μμ S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
13/12/2006 9:25:54 μμ H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ()
13/12/2006 9:25:02 μμ HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\233da1f6-dde6-413e-8c97-e0b9def364eb ()
13/12/2006 9:25:02 μμ HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
3/12/2006 9:37:48 μμ HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ebab982d-cb20-4bab-b766-60d39acb8a75 ()
3/12/2006 9:37:48 μμ HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
22/12/2006 7:48:14 μμ H 6 C:\WINDOWS\Tasks\SA.DAT ()
22/12/2006 1:45:16 μμ H 396 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB7B6756-B3E1-45F1-9B8C-BB1B7BED1CB0}.job ()

Checking for CPL files...
4/9/2004 5:45:26 πμ 71168 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
22/9/2005 6:30:48 μμ 18776064 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
4/9/2004 5:45:26 πμ 556544 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
28/10/2004 5:37:16 μμ 266299 C:\WINDOWS\SYSTEM32\btcpl.cpl (Broadcom Corporation)
4/9/2004 5:45:26 πμ 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 138752 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 157696 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
17/10/2006 12:05:48 μμ 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
20/12/2006 12:40:26 μμ 69632 C:\WINDOWS\SYSTEM32\javacpl.cpl (Sun Microsystems, Inc.)
4/9/2004 5:45:26 πμ 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 628224 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 263168 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/8/2006 2:54:00 μμ 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
8/8/2006 2:54:00 μμ 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
17/4/2003 2:00:00 μμ 38912 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 119296 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 304640 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
4/9/2004 5:45:26 πμ 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/5/2005 3:16:22 πμ 175384 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
17/10/2006 12:05:48 μμ 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 38912 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
17/4/2003 2:00:00 μμ 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
26/5/2005 3:16:22 πμ 175384 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
1/12/2004 3:53:44 μμ 16166912 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/downl...-4f03-b06f-d3cbe8f8d9f4/LegitCheckControl.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
28/8/2006 6:13:38 μμ 681 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\BTTray.lnk ()
27/3/2005 3:54:58 μμ HS 84 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()
28/8/2006 6:14:32 μμ 1687 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Logitech SetPoint.lnk ()
6/9/2006 6:43:34 μμ 1759 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\NETGEAR WG311v2 Smart Configuration.lnk ()
14/11/2006 4:19:56 μμ 678 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Privoxy.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
27/3/2005 4:44:30 μμ HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
27/3/2005 3:54:58 μμ HS 84 C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
27/3/2005 4:44:30 μμ HS 62 C:\Documents and Settings\adminX2\Application Data\desktop.ini ()
12/4/2006 11:25:00 πμ 1403 C:\Documents and Settings\adminX2\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Search Bar - http://search.msn.com/spbasic.htm
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{0CF0B8EE-6596-11D5-A98E-0003470BB48E} - CCHelper Class = C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
\{AE7CD045-E861-484f-8273-0445EE161910} - Adobe PDF Conversion Toolbar Helper = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Ζώνη του Explorer = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - Pop-Up Stopper &Companion = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll ()
\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - Διεύ&θυνση = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
\ShellBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - Διεύ&θυνση = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Συνδέσεις = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - = ()
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
\WebBrowser\\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF} - = ()
\WebBrowser\\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8203
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Sun Java Console
\\{CCA281CA-C863-46ef-9331-5C8D4460577F} - 8201 = @btrez.dll,-4017
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8202 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{CCA281CA-C863-46ef-9331-5C8D4460577F} - ButtonText: @btrez.dll,-4015 = C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Προβολή επέκτασης κίνησης CPL = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Επεκτάσεις κελύφους για συμπίεση αρχείων = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Μενού κρυπτογραφημένου περιεχομένου = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Προέκταση εικονιδίου HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Γραμμή εργασιών και μενού Έναρξη = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Ζώνη μέσων = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Λογαριασμοί χρηστών = ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - Pop-Up Stopper &Companion = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} - CorelDRAW Shell Extension Component = C:\Program Files\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll (Corel Corporation)
\\{59403EC0-EA55-11d5-954A-9A53884D6E09} - SecureDoc = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
\\{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} - Zinio Shell Extension = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
\\{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} - Zinio Magazine Column Provider = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
\\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\InCDShellExt extension - {CAE3251E-9B15-4810-B268-852AD9792A59} = ()
\\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
\\{A5110426-177D-4e08-AB3F-785F10B4439C} - Sony Ericsson File Manager = C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB)
\\{79BC0345-1015-11D2-A299-006008312725} - blue.shell = C:\Program Files\Pinnacle\Studio 10\programs\BlueShellExt.dll ()
\\ - = ()
\\{6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation)
\\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
\\{e57ce731-33e8-4c51-8354-bb4de9d215d1} - Συσκευές Τοποθέτησης και Άμεσης Λειτουργίας γενικής χρήσης = ()
\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{A965C8E0-54A7-11D6-BF08-00079500BB23} - ZipZag Shell extension = C:\PROGRA~1\ZipZag\zipzagcm.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\HexWorkshopContextMenu - {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} = C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll (BreakPoint Software, Inc.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
\SecureDocMenu - {59403EC0-EA55-11d5-954A-9A53884D6E09} = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\ZipZag - {A965C8E0-54A7-11D6-BF08-00079500BB23} = C:\PROGRA~1\ZipZag\zipzagcm.dll ()
\ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
\SecureDocMenu - {59403EC0-EA55-11d5-954A-9A53884D6E09} = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\ZipZag - {A965C8E0-54A7-11D6-BF08-00079500BB23} = C:\PROGRA~1\ZipZag\zipzagcm.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ()
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\FineReader - {AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll (ABBYY (BIT Software))
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} - Zinio Magazine Column Provider = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
NWEReboot - Reg Data missing or invalid ()
Logitech Hardware Abstraction Layer - C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
- Reg Data missing or invalid ()
Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Winpower - C:\Program Files\UpsPilot\Winpower.exe (ZeroG Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
Vidalia - C:\Program Files\Vidalia\vidalia.exe ()
updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
 
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation)
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe ()
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Privoxy.lnk - C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^adminX2^Start Menu^Προγράμματα^Εκκίνηση^Adobe Gamma.lnk
path C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\Adobe Gamma.lnk
backup C:\WINDOWS\pss\Adobe Gamma.lnkStartup
location Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Acrobat Assistant.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Acrobat Assistant.lnk
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
item Acrobat Assistant

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Adobe Acrobat Speed Launcher.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Adobe Acrobat Speed Launcher.lnk
backup C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
location Common Startup
command C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
item Adobe Acrobat Speed Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^CoreCenter.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\CoreCenter.lnk
backup C:\WINDOWS\pss\CoreCenter.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MSI\CORECE~1\CORECE~1.EXE
item CoreCenter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Device Detector 2.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Device Detector 2.lnk
backup C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe
item Device Detector 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Microsoft Office OneNote 2003 Quick Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Microsoft Office OneNote 2003 Quick Launch.lnk
backup C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
location Common Startup
item Microsoft Office OneNote 2003 Quick Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^SecureDoc.lnk
path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\SecureDoc.lnk
backup C:\WINDOWS\pss\SecureDoc.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MSI\SECURE~1\Logon.exe
item SecureDoc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Acrotray
hkey HKLM
command "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ActiveSpeed
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AS
hkey HKLM
command C:\Program Files\Ascentive\ActiveSpeed\AS.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CallBridgeReg.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy Messaging
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogitechEasyMsg
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy Synchronization
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogitechEasySync
hkey HKLM
command C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eBayToolbar
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eBayTBDaemon
hkey HKLM
command C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FineReader7NewsReaderPro
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AbbyyNewsReader
hkey HKLM
command C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command C:\Program Files\Nero\Nero 7\InCD\InCD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveMonitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LMonitor
hkey HKLM
command C:\Program Files\MSI\Live Update 3\LMonitor.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaGateway
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\MediaGateway\MediaGateway.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Converter Registry Controller
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RegistryController
hkey HKLM
command "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SMSystemAnalyzer
hkey HKCU
command "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TXP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item txp
hkey HKLM
command c:\program files\topthemesxp\txp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdobeUpdateManager
hkey HKCU
command "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zinio DLM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ZinioDeliveryManager
hkey HKCU
command C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Προφορτωτής Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Δαίμονας cache κατηγοριών στοιχείων = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll = (Logitech Inc.)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{2B189D7A-0484-4018-9933-946A5666B41E} - ()
{9A5143B9-6588-4A68-ACA0-670AB776DD39} - (Προσαρμογέας δικτύου 1394)
{9AF8CE68-A451-4C51-A003-5CAF8F86E1AB} - (NETGEAR WG311v2 802.11g Wireless PCI Adapter)
{F7E641DF-DE51-4D8A-8D1F-0868E66B518F} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
\000000000002\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
\000000000003\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
\ipp - ()
\msdaipp - ()
\widimg - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
Hi :)

I'll do a little more research on your problem and ask some help too.

I'll get back to you as soon as possible :bigthumb:
 
Ok I got some help from an expert :)

Please copy the contents of the following quote box into Notepad: Don't forget to add the REGEDIT4

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
Click to expand...
Save it to your desktop as fixme.reg

Then, locate fixme.reg on your desktop and <double-click> it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully"

Reboot.

Can you access/change the desktop now?
=====================================

If that didn't work:
=====================================

Download next tool to a place where you'll find it easily:

http://djlizard.net/Dial-a-fix-2006-09-19.exe

Doubleclick Dial-a-fix-2006-09-19.exe to start the program.
Immediately a window will open with on top: "Dial-A-fix : Restrictive policies"
You'll see registry keys.
Check them all and click the remove button below.
Then click close. This should close the policies window.
Then click exit in the main window under it, because we don't need anything from there.

REBOOT your computer afterwards, important.

now see if HJT will work
Click to expand...

Let me know if that helps :bigthumb:

Also, what theme are you using ?
 
Last edited:
Hi Mr_JAk3,

and thanks for your help.

1) The fixme.reg copied into notepad and saved as you suggested does not work. I double-click it and what happens is that a window with the content of this notepad file pops up with no message such as the ones you suggested.

2) The other program did not help either.

Kind regards,

Mills
 
Ok, let's try this:

Right click on an empty spot on your desktop > properties
on first page "Themes" choose a different theme click apply, Now choose the theme you prefer click apply.
Basically, change it then change it back.
If you lost the XP style windows and buttons.
Right click on an empty spot on your desktop > properties > Appearance
under "Windows and buttons" change it then change it back to Windows XP style (clicking apply each time)
Same method basically, change it then change it back.

Let me know if you can now change yout wallpaper :bigthumb:

Then you seem to have this TopthemesXP installed.
It might have something to do with this problem. Have you uninstalled it ?
Have you tried to change the theme/background via it ?
 
Last edited:
Hi and Happy New Year,

I cannot change it. I haven't installed the program you mention. I can't choose any of the themes. The moment I am about to click on one the whole thing disappears. The only option I am able to choose and click is Windows Classic but this also does not work eventually, since my buttons and appearance are the WinXP style.

Thx
 
Happy New Year to you too :)

Let's try this...

Please download test.bmp and save it to C:\
(to the root of your C-drive, do not rename the file!)

Backup your registry:
  • Start
  • Run
  • Type the following to the box and hit Ok: regedit
  • A window opens, click on File
  • Choose Export form the menu
  • Change the save location to C:\
  • Give the filename, RegBackUp
  • Make sure that the filetype is set to Registryfiles (*.reg)
  • Click on Save and Close the window


Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

REGEDIT4

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Test.bmp"
Click to expand...
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then click on Start -> Run -> Copy the following to the box and hit OK:
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True

Then go back to your desktop and see if your wallpaper is changed. There should be a picture that says "TEST".
Let me know if this worked :bigthumb:

If i didn't work, please try to uninstall the TopthemesXP and see if it helps.
You may install it again later but I would like to see if the removal helps.

Let me know :bigthumb:
 
Hi there,

You said:

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

I did exactly as you say but when I double-click I get no merge dialogue box but instead notepad pops up with the contents of the fix.reg file. Therefore I am unable to proceed with the rest of the steps.

Kind regards,

Mills
 
I finally managed to merge files into registry, but now I click on properties and nothing happens. The display dialogue does not pop up at all. I tried to import the reg backup to restore things but not all values were successfully imported. I tried the import both under normal and safe modes.
 
I applied the fixme.reg found in one of your previous posts on page 3 of this discussion. This brought back the display box but I still can't change the wallpaper or any theme really.
 
Hi :)

So you followed the instructions and saved the bmp to your C-drive ?
Did the regfix but did you do the "Start -> Run" part too ?

Do you have any other userprofiles on your computer ?
If you have, do they have the same issue ?

Let's try this:

Rightclick the following Smiley -->:bigthumb:<-- and choose "Set as Background"
See if the smiley now is your wallpaper.

Let me know :bigthumb:
 
I did part 2 but it didn't help.

Yes the smiley is my background now and the when i righ click on desktop click on properties nothing happens.
 
You must log in or register to reply here.
Back
Top