Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE7 hangs on startup and Outlook affected as well

Started by jimd07 , Mar 18 2009 07:16 AM

  • Please log in to reply

#16
jimd07
Posted 22 March 2009 - 06:08 AM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I've done all that, but I would not say it has changed. IE6 still opens correctly sometimes and sometimes it hangs before the home page opens, just a blank page, with nothing in the taskbar at the bottom (where it usually says finding website, weaiting, website found www.xxx etc).
Outlook still freezes when I open emails with graphics, most of the time. However sometimes it works.

Everything else appears to work OK, although Firefox is now sometimes just closing down for no reason. This is new and has only happened over the past two days.

Jim
  • 0

Advertisements

#17
Metallica
Posted 22 March 2009 - 11:31 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

NEXT

Open Notepad

Click Start >Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside of the code box, put your mouse cursor at the very beginning of the text and then hold down the left button and drag your mouse so that all of the text is highlighted. Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Now paste the copied text into the open notepad. To do this click in the blank page so that your cursor is flashing there and press CTRL+V (or right click and choose 'paste')

Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.

REGEDIT4

[HKEY_CLASSES_ROOT\.GIF]
"Content Type"="image/gif"

[HKEY_CLASSES_ROOT\.JPG]
"Content Type"="image/jpeg"

[HKEY_CLASSES_ROOT\.bmp]
"Content Type"="image/bmp"

[HKEY_CLASSES_ROOT\.jpeg] 
"Content Type"="image/jpeg" 

[HKEY_CLASSES_ROOT\.png] 
"Content Type"="image/png"


Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in imagefix.reg as the file name, then choose All Files as the save as file type.
Then click the save button.
Once you have clicked the save button, close Notepad.

You should now see a file on your desktop that looks like this:

Posted Image

Locate the imagefix.reg icon on your desktop and double click it, an information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once this has been done, the information will have merged with your registry so you can delete imagefix.reg from your desktop as you won't be needing it any more.
  • 0

#18
jimd07
Posted 23 March 2009 - 10:48 AM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
No luck!!

Did all you said and rebooted the machine.

Nothing has changed.

This is a very weird problem!!

Anything else I can try.

Regards

Jim
  • 0

#19
Metallica
Posted 23 March 2009 - 12:49 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I think I'd like to have a better look at the software you have running.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#20
jimd07
Posted 23 March 2009 - 02:41 PM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I had no idea so much was running!!!
Regards Jim

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"kdx" = "C:\Program Files\KHost.exe -all" [file not found]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"DelayShred" = ""C:\Program Files\McAfee\McAfee Shared Components\Shredder\SHRED32.EXE" /q C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\ANTIPH~1.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK3.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\History\History.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK4.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK231.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK557.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLKF8.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK10C.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK5A.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK6.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK22.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK27.SH! C:\DOCUME~1\JIMDEV~1\LOCALS~1\TEMPOR~1\OLK8.SH!" ["Network Associates, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus Photo RX620 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"" ["SEIKO EPSON CORPORATION"]
"WheelMouse" = "C:\WheelMou\wh_exec.exe" [empty string]
"McAfee Guardian" = ""C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU" ["Network Associates, Inc."]
"KeyMaestro" = "C:\KMaestro\KMaestro.exe" [null data]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1392b8d2-5c05-419f-a8f6-b9f15a596612}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Freecorder\tbFre0.dll" ["Conduit Ltd."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java™ Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" ["Google Inc."]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = "Google Dictionary Compression sdch"
-> {HKLM...CLSID} = "Google Dictionary Compression sdch"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll" ["Google Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java™ Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"
-> {HKLM...CLSID} = "My Digital Camera"
\InProcServer32\(Default) = "C:\Program Files\PhotoDeluxe HE 3.1\FotoNation Explorer\camview.dll" [file not found]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{21D928D4-4850-45E3-9982-AD57051ECD42}" = "Edrawings Document Thumbnail Handler"
-> {HKLM...CLSID} = "EdrawingThumbNailProvider Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\eDrawings2008\edrwthumbnailprovider.dll" ["Solidworks"]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Studio.Project"
\InProcServer32\(Default) = "C:\Program Files\Pinnacle\Studio 11\programs\BlueShellExt.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}\(Default) = "{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}"
-> {HKLM...CLSID} = "Softpointer Column Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\AUDIOS~1\AUDIOS~1.DLL" ["Softpointer Inc"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jim Devlin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

EPSONCardMonitor\
"Provider" = "EPSON CardMonitor1.2"
"InvokeProgID" = "EPSON.CardMonitor.1"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\EPSON.CardMonitor.1\shell\Play\DropTarget\CLSID = "{95ABECB2-A2BC-4fdc-A413-554CB2AAD55F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\EPSON\EPSON CardMonitor\epcmcom.exe" [null data]

ExpressBurnCDBurningOnArrival\
"Provider" = "Express Burn"
"InvokeProgID" = "expressburn.AutoPlay"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\expressburn.AutoPlay\shell\open\command\(Default) = "C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe" ["NCH Software"]

ExpressRipCDAudioOnArrival\
"Provider" = "Express Rip"
"InvokeProgID" = "rip.AutoPlay"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\rip.AutoPlay\shell\open\command\(Default) = "C:\Program Files\NCH Swift Sound\ExpressRip\rip.exe" [null data]

ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

itunesburncdonarrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

itunesimportsongsonarrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

itunesplaysongsonarrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

itunesshowsongsonarrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSWMEncVCArrival\
"Provider" = "Windows Media Encoder 9 Series"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DVDVideoToNeroDigital\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayDVDMovieOnArrival_DVDVideoToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_DVDVideoToNeroDigital\command\(Default) = "C:\Program Files\Ahead\Nero Recode\Recode.exe /New:ReAuthorNeroDigital /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2PlayAudioCD\
"Provider" = "Nero Media Player"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayMusicFilesOnArrival_PlayAudioCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayMusicFilesOnArrival_PlayAudioCD\command\(Default) = "C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe /Play %L" ["Ahead software"]

NeroAutoPlay2PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayVideoFilesOnArrival_PlayDVD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayVideoFilesOnArrival_PlayDVD\command\(Default) = "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay2TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayDVDMovieOnArrival_TranscodeVideo"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_TranscodeVideo\command\(Default) = "C:\Program Files\Ahead\Nero Recode\Recode.exe /New:CopyDVDVideo /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2VideoCapture\
"Provider" = "NeroVision Express"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay2ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L" ["Ahead Software AG"]

PCLEVideoCameraArrival\
"Provider" = "Pinnacle Studio"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Pinnacle\Studio 11\programs\studio.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "Jim Devlin" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\Jim Devlin\Start Menu\Programs\Startup
"Yahoo! Widgets" -> shortcut to: "C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" ["Yahoo! Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"{4956739E-94F1-4F31-AB56-8B4EF44ABF0F}_NOVATECH_Jim Devlin" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{4956739E-94F1-4F31-AB56-8B4EF44ABF0F}_NOVATECH_Jim Devlin"" [MS]
"{8A33CD18-9269-406A-B0B0-D7BA8D486854}_NOVATECH_Jim Devlin" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{8A33CD18-9269-406A-B0B0-D7BA8D486854}_NOVATECH_Jim Devlin"" [MS]
"{FE7A4309-C4DB-4961-AA3E-25F311A721E8}_NOVATECH_Jim Devlin" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{FE7A4309-C4DB-4961-AA3E-25F311A721E8}_NOVATECH_Jim Devlin"" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
000000000005\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 42
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Freecorder\tbFre0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{ACB1E670-3217-45C4-A021-6B829A8A27CB}" = "Mcafee VirusScan"
-> {HKLM...CLSID} = "McAfee VirusScan"
\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll" ["Network Associates, Inc."]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}" = "Freecorder Toolbar"
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Freecorder\tbFre0.dll" ["Conduit Ltd."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}\(Default) = "Google Find Bar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INETREPL.DLL" [MS]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

{FB858B22-55E2-413F-87F5-30ADC5552151}\
"ButtonText" = "PDFill PDF Editor"
"Exec" = "C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe" ["PlotSoft LLC"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
AVSync Manager, AvSynMgr, ""C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
KService, KService, ""C:\Program Files\Kontiki\KService.exe"" ["Kontiki Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
McAfee Firewall, McAfee Firewall, ""C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE" ["Network Associates, Inc."]
McShield, McShield, ""C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."]
Retrospect Express HD Launcher, RetroExpLauncher, ""C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe"" ["EMC Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "KeyMaestro" [file not found]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus Photo RX620 Series 2KMonitor5E\Driver = "E_FLM9HE.DLL" ["SEIKO EPSON CORPORATION"]
PDFill Writer Monitor\Driver = "C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll" ["Windows ® Codename Longhorn DDK provider"]


---------- (launch time: 2009-03-23 20:34:15)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 127 seconds, including 18 seconds for message boxes)
  • 0

#21
Metallica
Posted 23 March 2009 - 02:59 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Would you happen to know how to disable McAfee's phishing filter?
There seems to be a problem that can be caused when it is activated together with the one included in IE7
Maybe this still llingers on.
If you don't know how, I'll find someone who does.
If you do know, try it and let me know if it makes a difference.
  • 0

#22
jimd07
Posted 23 March 2009 - 04:16 PM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I am using MacAfee VirusScan Professional 7. I was not aware this had a phishing filter and if it has I don't know how this is controlled. It actively scans all the time and I can switch this off.
The only things I can find are a system scanner, an email scanner and a script stopper.

I thought the phishing filter was in IE7, I have backtracked onto IE6 but there could be remnants of IE7 still about.

Regards

Jim
  • 0

#23
Metallica
Posted 24 March 2009 - 01:38 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hey Jim,

Sorry it took so long, I couldn't find anyone with McAfee installed that knew how to disable it.
I did find this thread at the McAfee forums.
Can you see if that makes sense?
http://community.mca...ad.php?t=199774
  • 0

#24
jimd07
Posted 25 March 2009 - 09:06 AM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I have had a good look aroung the MacAfee forums and I can find no reference to phishing filters in the version of VirusScan that I have. I think it pre-dates phishing.
Although I can open IE one time in four or five trys, the main problem is with Outlook where I can only open emails with plain text. I receive many that I cannot open.

Is it worth trying to reinstall XP? I don't know if it will let me do a reinstall of XP without service packs.
  • 0

#25
Metallica
Posted 25 March 2009 - 09:27 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That would not be a very secure solution.
And as long as we don't know the reason it may re-occur.

On the other hand I'm quite at a loss about what else it could be.
You did try and install IE8 right?
  • 0

Advertisements

#26
jimd07
Posted 25 March 2009 - 01:00 PM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I did try IE8 but I will give it another go.

Jim
  • 0

#27
Metallica
Posted 25 March 2009 - 02:02 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm sorry Jim, but I'm out of better ideas.
Keep us posted. :)
  • 0

#28
Dan
Posted 25 March 2009 - 10:46 PM

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Howdy Jim & Metallica,

I only skimmed through the thread, so if it's already been tried then feel free to ignore this, but how do IE and Outlook function when you restart in Safe Mode with Networking? Do the symptoms persist even when in Safe Mode?

Step 1 - Restart your machine in Safe Mode with Networking:
Please restart the problematic machine in Safe Mode with Networking and then see if the issue(s) persist.
*Note: You will not be able to use a wireless connection while in Safe Mode; please ensure all tests are performed with a wired (Ethernet) connection.

As a side note, it's recommended that you do not browse sites you don't trust while in Safe Mode.

It just seems odd to me; the steps that Metallica had you do really were quite extensive and should have resolved any forms of internal defects within IE/OE, so I'd be inclined to look at external factors (i.e. anti-virus/firewall software) on this one.

Just my two cents :)
- Dan
  • 0

#29
jimd07
Posted 26 March 2009 - 04:57 AM

jimd07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
All seems well with things when in safe mode.

I will have a poke around with the firwall and antivirus and see what I can find.

Any tips on what to check?

Thanks

Jim
  • 0

#30
Dan
Posted 26 March 2009 - 05:57 AM

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
I think Metallica has pretty good instincts, so I'd be looking at McAfee first. It's possible that it has become corrupt; try uninstalling it and see if the issue(s) persist. If they don't, then you'll know it's something to do with McAfee. You could try re-installing it and seeing if that corrects it; or even try a repair re-install, if that's an option. It may just be that something became corrupt in one of your updates.
  • 0
Back to Web Browsers and Email · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Software
  3. Web Browsers and Email

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP