Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No icons or Start bar Windows XP [CLOSED]


  • This topic is locked This topic is locked

#16
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
nada.........nada a darn thing

Tomi :tazz:
  • 0

Advertisements


#17
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Can you list the running processes you have please

Create a Startup List:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and past the StartupList from the notebook onto your post


Ex
  • 0

#18
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok, here's the start up list:

StartupList report, 8/19/2005, 10:52:08 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator.YOUR-5OLNB28OAO.000\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator.YOUR-5OLNB28OAO.000\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator.YOUR-5OLNB28OAO.000\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Billminder.lnk = C:\Program Files\QUICKEN2000\BILLMIND.EXE
MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
Quicken Startup.lnk = C:\Program Files\QUICKEN2000\QWDLLS.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\AUserInit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Iomega Startup Options = C:\Program Files\Iomega\Common\ImgStart.exe
Iomega Drive Icons = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
*Registry key not found*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: *Registry key not found*
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\Cox\Applications\app\AuthBHO.dll - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\WINDOWS\System32\SZIEBHO.dll - {E3215F20-3212-11D6-9F8B-00D0B743919D}
(no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Scan for Viruses - My Computer (YOUR-5OLNB28OAO-Tomi McIntosh).job
Symantec NetDetect.job
{755C4661-5237-46E4-BA7F-A5CB2D89A965}_YOUR-5OLNB28OAO_Tim McIntosh.job

--------------------------------------------------

Enumerating Download Program Files:

[3 Point Showdown by pogo]
CODEBASE = http://threepoint01....t-ob-assets.cab

[6th Street Omaha Poker by pogo]
CODEBASE = http://game1.pogo.co...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\6th Street Omaha Poker by pogo.osd

[Aces Up! by pogo]
CODEBASE = http://game1.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Aces Up! by pogo.osd

[Ali Baba Slots TM by pogo.com]
CODEBASE = http://slots01.pogo....a-ob-assets.cab

[Blackjack by pogo]
CODEBASE = http://game1.pogo.co...k-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd

[Buckaroo Blackjack TM by pogo]
CODEBASE = http://vbjack.pogo.c...k-ob-assets.cab

[Buckaroo Blackjack TM by pogo.com]
CODEBASE = http://vbjack.pogo.c...k-ob-assets.cab

[Canasta by pogo]
CODEBASE = http://game1.pogo.co...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Canasta by pogo.osd

[Checkers by pogo]
CODEBASE = http://game3.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd

[Command and Conquer Comanche by pogo]
CODEBASE = http://ccstrike.pogo...e-ob-assets.cab

[Dice Derby by pogo]
CODEBASE = http://game1.pogo.co...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd

[Dice Derby by pogo.com]
CODEBASE = http://checkeredflag...g-ob-assets.cab

[Dominoes by pogo]
CODEBASE = http://game1.pogo.co...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dominoes by pogo.osd

[Double Deuce Poker by pogo]
CODEBASE = http://doublebonus.p...e-ob-assets.cab

[First Class Solitaire by pogo]
CODEBASE = http://game1.pogo.co...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\First Class Solitaire by pogo.osd

[First Class Solitaire by pogo.com]
CODEBASE = http://solitaire43.p...2-ob-assets.cab

[Fortune Bingo by pogo]
CODEBASE = http://game1.pogo.co...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd

[Greenback Bayou by pogo]
CODEBASE = http://game1.pogo.co...k-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd

[Greenback Bayou by pogo.com]
CODEBASE = http://greenback.pog...k-ob-assets.cab

[Harvest Mania by pogo]
CODEBASE = http://game1.pogo.co...t-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Harvest Mania by pogo.osd

[High Stakes Poker by pogo]
CODEBASE = http://game1.pogo.co...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Poker by pogo.osd

[High Stakes Poker by pogo.com]
CODEBASE = http://hspoker01.pog...r-ob-assets.cab

[High Stakes Pool by pogo]
CODEBASE = http://game1.pogo.co...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Pool by pogo.osd

[Its Outta Here 2 by pogo]
CODEBASE = http://game1.pogo.co...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Its Outta Here 2 by pogo.osd

[Jigsaw Detective by pogo]
CODEBASE = http://game1.pogo.co...w-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jigsaw Detective by pogo.osd

[Jokers Wild Poker by pogo]
CODEBASE = http://vpjoke03.pogo...d-ob-assets.cab

[Jungle Gin by pogo.com]
CODEBASE = http://gin.pogo.com/...n-ob-assets.cab

[Keno by pogo]
CODEBASE = http://keno.pogo.com...o-ob-assets.cab

[Keno by pogo.com]
CODEBASE = http://keno.pogo.com...o-ob-assets.cab

[Lottso by pogo]
CODEBASE = http://game1.pogo.co...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lottso by pogo.osd

[Mah Jong Garden by pogo]
CODEBASE = http://mahjong2.pogo...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

[Multiline Slots by pogo]
CODEBASE = http://game1.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd

[NASCAR Web Racing by pogo]
CODEBASE = http://game1.pogo.co...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\NASCAR Web Racing by pogo.osd

[Payday FreeCell by pogo]
CODEBASE = http://game1.pogo.co...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Payday FreeCell by pogo.osd

[Payday FreeCell by pogo.com]
CODEBASE = http://freecell.pogo...l-ob-assets.cab

[Perfect Pair Solitaire by pogo]
CODEBASE = http://game1.pogo.co...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Perfect Pair Solitaire by pogo.osd

[Phlinx by pogo]
CODEBASE = http://game1.pogo.co...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

[Pirate's Gold by pogo]
CODEBASE = http://solitaire31.p...d-ob-assets.cab

[Pop Fu by pogo]
CODEBASE = http://popfu.pogo.co...u-ob-assets.cab

[Pop Fu by pogo.com]
CODEBASE = http://popfu.pogo.co...u-ob-assets.cab

[Poppit by pogo]
CODEBASE = http://game1.pogo.co...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd

[Poppit TM by pogo]
CODEBASE = http://poppit.pogo.c...t-ob-assets.cab

[Poppit! TM by pogo.com]
CODEBASE = http://poppit01.pogo...t-ob-assets.cab

[Quick Shot by pogo]
CODEBASE = http://game1.pogo.co...t-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Quick Shot by pogo.osd

[Showbiz Slots by pogo]
CODEBASE = http://showbiz.pogo....z-ob-assets.cab

[Showbiz Slots by pogo.com]
CODEBASE = http://showbiz.pogo....z-ob-assets.cab

[Spider Solitaire by pogo]
CODEBASE = http://game1.pogo.co...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spider Solitaire by pogo.osd

[Squelchies by pogo]
CODEBASE = http://game1.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd

[Squelchies by pogo.com]
CODEBASE = http://squelchies.po...s-ob-assets.cab

[Sweet Tooth TM by pogo]
CODEBASE = http://game1.pogo.co...h-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd

[Texas Hold'em Poker by pogo]
CODEBASE = http://game1.pogo.co...m-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd

[The Sims Pinball by pogo]
CODEBASE = http://simball.pogo....l-ob-assets.cab

[The Sims Pinball by pogo.com]
CODEBASE = http://simball01.pog...l-ob-assets.cab

[Tri-Peaks by pogo]
CODEBASE = http://game1.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd

[Tumble Bees by pogo]
CODEBASE = http://game1.pogo.co...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd

[Video Poker]
CODEBASE = http://download.game...ts/y/vpt0_x.cab

[Word Whomp by pogo]
CODEBASE = http://whomp.pogo.co...p-ob-assets.cab

[Word Whomp Whackdown by pogo]
CODEBASE = http://game1.pogo.co...n-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp Whackdown by pogo.osd

[WordJong by pogo]
CODEBASE = http://game1.pogo.co...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\WordJong by pogo.osd

[World Class Solitaire by pogo]
CODEBASE = http://game1.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd

[Yahoo! Blackjack]
CODEBASE = http://download.game...nts/y/jt0_x.cab

[Yahoo! Chat]
CODEBASE = http://us.chat1.yimg...t/c381/chat.cab

[Yahoo! Dominoes]
CODEBASE = http://download.game...ts/y/dot2_x.cab

[Yahoo! Freecell Solitaire]
CODEBASE = http://yog55.games.s...yog/y/fs9_x.cab

[Yahoo! Klondike Solitaire]
CODEBASE = http://yog55.games.s...og/y/ks11_x.cab

[Yahoo! Literati]
CODEBASE = http://download.game...nts/y/tt0_x.cab

[Yahoo! MahJong Solitaire]
CODEBASE = http://download.game...s/y/mjst3_x.cab

[Yahoo! Pyramids]
CODEBASE = http://download.game...ts/y/pyt1_x.cab

[Yahoo! Towers 2.0]
CODEBASE = http://download.game...ts/y/ywt0_x.cab

[{0000000A-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...0367/wmavax.CAB

[{01111C00-3E00-11D2-8470-0060089874ED}]
CODEBASE = http://support.cox.n...oad/tgctlar.cab

[{01111E00-3E00-11D2-8470-0060089874ED}]
CODEBASE = http://support.cox.n...oad/tgctlsi.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[{072D3F2E-5FB6-11D3-B461-00C04FA35A21}]
CODEBASE = http://www.jeld-wen....sses/CFJava.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll
CODEBASE = http://download.mcaf...ed/MGBrwFld.cab

[DjVuCtl Class]
InProcServer32 = C:\Program Files\LizardTech\DjVuControl\DjVuCntl.dll
CODEBASE = http://www.lizardtec...ntrol_en_US.cab

[CompositeView Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IRCVIE~3.OCX
CODEBASE = http://imagin.munpl....t/IrcViewer.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...ector/swdir.cab

[EABootStrap Class]
InProcServer32 = C:\WINDOWS\System32\eabtstrp.dll
CODEBASE = http://www.ea.com/do...trap/iegils.cab

[ChainCast VMR Client Proxy]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ccpm_0237.dll
CODEBASE = http://www.streamaud...d/ccpm_0237.cab

[Tkweb Control]
InProcServer32 = C:\WINDOWS\System32\TKWEB.OCX
CODEBASE = http://www.toolkitcm...tkweb/tkweb.cab

[{2C52AF58-B9B1-11D5-9DF6-00508B755B44}]
CODEBASE = http://www.smartforc...XClientUtil.cab

[CompositeView Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IRCVIE~1.OCX
CODEBASE = http://imagin.munpl....t/IrcViewer.cab

[YInstStarter Class]
CODEBASE = http://download.yaho...alls/yinstc.cab

[{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}]
CODEBASE = http://www.cult3d.co...user/index.html

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc2.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcaf...90/mcinsctl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
CODEBASE = http://by1fd.bay1.ho...es/MsnPUpld.cab

[Autodesk MapGuide ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll
CODEBASE = http://www.maricopa....in/mgaxctrl.cab

[{6A060448-60F9-11D5-A6CD-0002B31F7455}]
CODEBASE = http://us.games2.yim...ctl_0_0_0_0.ocx

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[ImageControl Class]
InProcServer32 = C:\WINDOWS\system32\mfimgvwr.ocx
CODEBASE = http://c.ancestry.co...er/MFImgVwr.cab

[{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F}]
CODEBASE = http://de.trendmicro...eCallButton.CAB

[MrSIDI Control]
InProcServer32 = C:\WINDOWS\MrSIDI.ocx
CODEBASE = http://images.myfami...oads/MrSIDI.cab

[{8714912E-380D-11D5-B8AA-00D0B78F3D48}]
CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft...free/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7603.7812615741

[{A17E30C4-A9BA-11D4-8673-60DB54C10000}]
CODEBASE = http://us.dl1.yimg.c...ymmapi_0727.dll

[InetDownload Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WMDownload.dll
CODEBASE = http://activex.micro...loadcontrol.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/...ro.cab34246.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcaf...,23/mcgdmgr.cab

[Downloader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dwnldr.dll
CODEBASE = http://www.stopzilla...ller/dwnldr.cab

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[PopCapLoader Object]
CODEBASE = http://download.game...aploader_v5.cab

[{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}]
CODEBASE = http://lw4fd.law4.ho...ex/HMAtchmt.ocx

[{F281A59C-7B65-11D3-8617-0010830243BD}]

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

.NET Framework Service: C:\WINDOWS\svchost.exe (autostart)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
basic2: System32\DRIVERS\basic2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Cnxtdiag: System32\DRIVERS\cnxtdiag.sys (autostart)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTSVCCDA.EXE (autostart)
Crypkey License: crypserv.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CSS DVP: system32\DRIVERS\css-dvp.sys (autostart)
Curtains for Windows System Service: c:\program files\cox\applications\app\CurtainsSysSvcNt.exe (autostart)
Kodak Camera Proxy: System32\DRIVERS\DcCam.sys (system)
DcFpoint: System32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: System32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: System32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DvpApi: "C:\Program Files\Common Files\Command Software\dvpapi.exe" (autostart)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
Exportit: System32\DRIVERS\exportit.sys (system)
Fallback: System32\DRIVERS\fallback.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\fsksnt.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
GR TDI Mon: System32\Drivers\GRTdiMon.sys (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "C:\PROGRA~1\Iomega\System32\ActivityDisk.exe" (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\k56nt.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NetworkX: \SystemRoot\system32\ckldrv.sys (system)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Creative PC-CAM 300 (Still Image): System32\DRIVERS\PD016blk.sys (manual start)
Creative PC-CAM 300 (Video): System32\DRIVERS\PD016vid.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Iomega Parallel Port Filter Driver: System32\DRIVERS\ppa.sys (system)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\rksample.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139/810X Family Fast Ethernet NIC NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ScsiAccess: C:\WINDOWS\System32\ScsiAccess.EXE (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SoftFax: System32\DRIVERS\faxnt.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
STOPzilla Local Service: C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6944B265-66BE-4DAF-BFB9-E56C43C8A291} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Terayon Cable Modem (NDIS): System32\DRIVERS\tj2knd5.sys (manual start)
Terayon Cable Modem (WDM): System32\DRIVERS\tj2kunic.sys (manual start)
Tones: System32\DRIVERS\tonesnt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVE
  • 0

#19
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
boot into safe mode please

Go to Start->Run and type CMD.

type in the following:

sc stop .NET Connection Service

then enter

sc delete .NET Connection Service

then enter

You can close DOS window out now

Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\svchost.exe


reboot into normal mode

Edited by Excal, 20 August 2005 - 01:02 AM.

  • 0

#20
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Was unable to complete instructions......

[SC] OpenService FAILED 1060:

The specified service does not exists as an installed service.

Also, the file svchost.exe isn't there.

Thanks, again,

Tomi
  • 0

#21
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
go to run and type in nusrmgr.cpl

Go to "Create a New Account" type the new name for the account, then click the Next button. Choose "Computer Administrator", then click "create account". Now reboot your computer and log onto the new account you just created.

Let me know if you are having the same problems on the new account.


Thanks,

:tazz:

Excal
  • 0

#22
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Same problem............. :tazz:
  • 0

#23
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • then Fix and then Next, let it fix everything it asks about.
Download WinPFind and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
don't do anything with it yet.

boot into safe mode


Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

reboot

Please post the winpfind log

Silent Runners:
  • Please click this link to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
  • Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

  • NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
    For some time it will look like nothing is happening. Just keep waiting.
  • Once it's done it will create a log. A window will come up telling you when it's saved. Please post that log here

  • 0

#24
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok, here are the 2 logs:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PEC2 5/25/2002 5:28:42 PM 365056 C:\WINDOWS\Dotest.exe
PEC2 5/19/2001 5:08:44 PM 6656 C:\WINDOWS\pcboot.exe
PEC2 3/15/2003 10:46:14 PM 168448 C:\WINDOWS\realtime.exe
UPX! 8/13/2005 8:38:02 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 8/13/2005 8:38:02 PM 15628561 C:\WINDOWS\VPTNFILE.777
qoologic 8/13/2005 8:38:02 PM 15628561 C:\WINDOWS\VPTNFILE.777
SAHAgent 8/13/2005 8:38:02 PM 15628561 C:\WINDOWS\VPTNFILE.777
UPX! 8/13/2005 9:24:36 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 8/13/2005 9:24:36 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 1/26/2004 11:42:26 AM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 5/11/2004 8:35:28 PM 128000 C:\WINDOWS\SYSTEM32\Dsslji.dat
PEC2 2/14/1997 11:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
PEC2 1/22/2003 5:30:40 AM 187904 C:\WINDOWS\SYSTEM32\gmi.tad
PEC2 6/6/2004 5:30:38 PM 7708515 C:\WINDOWS\SYSTEM32\june 2004.Scr
PECompact2 6/9/2005 2:14:14 PM 1292120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/9/2005 2:14:14 PM 1292120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
aspack 12/10/2004 10:30:48 AM 707176 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/20/2005 2:43:44 PM 2048 C:\WINDOWS\bootstat.dat
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\WindowsShell.Manifest
H 6/24/2005 5:06:28 PM 0 C:\WINDOWS\inf\oem44.inf
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\system32\cdplayer.exe.manifest
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\system32\ncpa.cpl.manifest
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\system32\nwc.cpl.manifest
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\system32\sapi.cpl.manifest
H 8/19/2005 10:25:40 PM 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
S 7/8/2005 4:23:18 PM 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 9:06:34 AM 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
H 8/20/2005 2:43:32 PM 8192 C:\WINDOWS\system32\config\default.LOG
H 8/20/2005 2:44:06 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
H 8/20/2005 2:43:48 PM 12288 C:\WINDOWS\system32\config\SECURITY.LOG
H 8/20/2005 2:44:06 PM 57344 C:\WINDOWS\system32\config\software.LOG
H 8/20/2005 2:43:56 PM 1003520 C:\WINDOWS\system32\config\system.LOG
H 7/13/2005 5:45:24 PM 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
S 8/7/2005 8:53:30 AM 17209 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
S 8/7/2005 8:53:30 AM 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
SH 6/28/2005 10:12:22 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\19ea113c-b2ea-498e-a4a2-ff4510ead883
SH 6/28/2005 10:12:22 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
H 8/20/2005 2:27:24 PM 6 C:\WINDOWS\Tasks\SA.DAT
H 8/13/2005 12:00:02 PM 422 C:\WINDOWS\Tasks\{755C4661-5237-46E4-BA7F-A5CB2D89A965}_YOUR-5OLNB28OAO_Tim McIntosh.job

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 3/30/2001 3:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 4:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 9/27/2002 2:38:00 PM 192512 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/11/2001 12:22:06 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Caere Corp. 11/3/2000 4:18:52 PM 303104 C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/23/2002 11:39:06 PM 910 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
3/10/2002 5:20:26 PM 890 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
3/10/2002 5:33:24 PM 890 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
10/31/2002 6:56:40 PM 1587 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
9/14/2002 12:50:08 PM 697 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
10/31/2002 6:56:40 PM 1569 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
8/20/2005 2:41:14 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Q312461 =
Cox High Speed Internet Customer = IEAKCox
FunWebProducts-MyWay =
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
AuthBHO.cBHO = C:\Program Files\Cox\Applications\app\AuthBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}
STOPzilla Browser Helper Object = C:\WINDOWS\System32\SZIEBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
= C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
{64634180-B0EA-48B6-82B7-9620D33362C1} = AuthBHO.cBlockerBar : C:\Program Files\Cox\Applications\app\AuthBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Iomega Startup Options C:\Program Files\Iomega\Common\ImgStart.exe
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Disc Detector C:\Program Files\Creative\ShareDLL\CtNotify.exe
OmniPage C:\Program Files\Caere\OmniPagePro90\opware32.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
nwiz nwiz.exe /install
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
workflo D:\install\workflow.exe
EPSON Stylus CX6400 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O5 "LPT1:" /M "Stylus CX6400"
EPSON Stylus CX6400 (Copy 1) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P28 "EPSON Stylus CX6400 (Copy 1)" /O6 "USB001" /M "Stylus CX6400"
STOPzilla "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
FLMOFFICE4DMOUSE C:\Program Files\Browser MOUSE\mouse32a.exe
IntelliType "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
AuthConsoleStart
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
SpybotSnD "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\AUserInit.exe
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/20/2005 2:55:50 PM


"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"Iomega Startup Options" = "C:\Program Files\Iomega\Common\ImgStart.exe" ["Iomega Corporation"]
"Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"OmniPage" = "C:\Program Files\Caere\OmniPagePro90\opware32.exe" ["Caere Corporation"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"workflo" = "D:\install\workflow.exe" [file not found]
"EPSON Stylus CX6400" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O5 "LPT1:" /M "Stylus CX6400"" ["SEIKO EPSON CORPORATION"]
"EPSON Stylus CX6400 (Copy 1)" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P28 "EPSON Stylus CX6400 (Copy 1)" /O6 "USB001" /M "Stylus CX6400"" ["SEIKO EPSON CORPORATION"]
"STOPzilla" = ""C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun" ["International Software Systems Solutions"]
"FLMOFFICE4DMOUSE" = "C:\Program Files\Browser MOUSE\mouse32a.exe" [empty string]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"" [MS]
"AuthConsoleStart" = (empty string)
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" [file not found]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" [file not found]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"SpybotSnD" = ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\(Default) = "Browser Customizations"
\StubPath = "RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Outlook Express 6"
\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install" [MS]
{4b218e3e-bc98-4770-93d3-2731b9329278}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf" [MS]
{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [MS]
{6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default) = "Microsoft Windows Media Player"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub" [MS]
{7790769C-0471-11d2-AF11-00C04FA35D02}\(Default) = "Address Book 6"
\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install" [MS]
{89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = "Windows Desktop Update"
\StubPath = "regsvr32.exe /s /n /i:U shell32.dll" [MS]
{89820200-ECBD-11cf-8B85-00AA005B4383}\(Default) = "Internet Explorer 6"
\StubPath = "C:\WINDOWS\system32\ie4uinit.exe" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}\(Default) = "AuthBHO.cBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cox\Applications\app\AuthBHO.dll" ["Authentium, Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]
{E3215F20-3212-11D6-9F8B-00D0B743919D}\(Default) = "STOPzilla Browser Helper Object" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\SZIEBHO.dll" ["International Software Systems Solutions"]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\emachines.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "fixit" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Billminder" -> shortcut to: "C:\Program Files\QUICKEN2000\BILLMIND.EXE" ["Intuit"]
"MightyFAX Controller" -> shortcut to: "C:\Program Files\MightyFax NT\MFNTCTL.EXE" [null data]
"Quicken Startup" -> shortcut to: "C:\Program Files\QUICKEN2000\QWDLLS.EXE" ["Intuit"]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Scan for Viruses - My Computer (YOUR-5OLNB28OAO-Tomi McIntosh)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" [file not found]
"{755C4661-5237-46E4-BA7F-A5CB2D89A965}_YOUR-5OLNB28OAO_Tim McIntosh" -> launches: "C:\WINDOWS\system32\mobsync.exe /Schedule="{755C4661-5237-46E4-BA7F-A5CB2D89A965}_YOUR-5OLNB28OAO_Tim McIntosh"" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll" ["Yahoo! Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

"{64634180-B0EA-48B6-82B7-9620D33362C1}" = "AuthBHO.cBlockerBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cox\Applications\app\AuthBHO.dll" ["Authentium, Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll" ["Yahoo! Inc."]

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll" ["Yahoo! Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "NavigationCanceled" = "http://www.the-exit.com" [file not found]
HIJACK WARNING! "blank" = "http://www.the-exit.com" [file not found]
HIJACK WARNING! "OnlineInformation" = "http://www.the-exit.com" [file not found]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

.NET Framework Service, .NET Connection Service, "C:\WINDOWS\svchost.exe" [file not found]
Application Management, AppMgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\appmgmts.dll" [file not found]}
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSVCCDA.EXE" ["Creative Technology Ltd"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
Curtains for Windows System Service, CurtainsSysSvc, "c:\program files\cox\applications\app\CurtainsSysSvcNt.exe" ["Authentium, Inc."]
DvpApi, dvpapi, ""C:\Program Files\Common Files\Command Software\dvpapi.exe"" ["Command Software Systems, Inc."]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Iomega Activity Disk2, Iomega Activity Disk2, ""C:\PROGRA~1\Iomega\System32\ActivityDisk.exe"" ["Iomega Corporation"]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
McAfee SecurityCenter Update Manager, mcupdmgr.exe, "C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe" ["McAfee, Inc"]
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mspmsnsv.dll" [MS]}
ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data]
STOPzilla Local Service, STOPzilla Local Service, "C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service"" ["International Software Systems Solutions"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 57 seconds, including 18 seconds for message boxes)


Thanks again

Tomigirl
  • 0

#25
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download About Buster and unzip it to a folder on your Desktop. Run the program and click OK. Click Update > Check For Update then exit About Buster once the update is complete.

Please boot into safe mode

Run About Buster and click Begin Removal. save the log file


Reboot into normal mode and please post me that log.


Thanks,

:tazz:

Excal
  • 0

Advertisements


#26
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok, here the AB log file:

AboutBuster 5.0 reference file 31
Scan started on [8/20/2005] at [5:09:15 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:10:36 PM
  • 0

#27
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Next go to task manager, then file, and to run. type Control Panel and enter. click appearance and themes>click Display > Desktop Tab> click Customize Desktop > Web tab > Uncheck anthing in there if present.

:tazz:

Ex
  • 0

#28
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ex

There was 1 item in there, but nothing checked................

Tomi
  • 0

#29
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Go ahead and download, install and run this program.

http://www.download....4-10377263.html


Please save the log for me to view.

Thanks,

:tazz:

Excal
  • 0

#30
Tomigirl1947

Tomigirl1947

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the log................should I finish running the program or wait until you view the log?????

Tomi

Spyware Doctor Activity Report
Generated on 8/20/2005 6:07:30 PM Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 8/20/2005 6:08:04 PM
scan stop: 8/20/2005 6:20:39 PM
scanned items: 84755
found items: 641
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner



Infection Name Location Risk
Fastfind multiple Elevated
Admilli Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll Elevated
Admilli Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll## Elevated
Admilli Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll##.Owner Elevated
Admilli Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll##{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} Elevated
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773} Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}## Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\ProxyStubClsid Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\ProxyStubClsid## Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\ProxyStubClsid32 Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\ProxyStubClsid32## Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\TypeLib Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\TypeLib## Medium
BingoFun Games HKLM\software\classes\interface\{154c4802-8666-11d1-b4ce-000001021773}\TypeLib##Version Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773} Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}## Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\ProxyStubClsid Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\ProxyStubClsid## Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\ProxyStubClsid32 Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\ProxyStubClsid32## Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\TypeLib Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\TypeLib## Medium
BingoFun Games HKLM\software\classes\interface\{40e79fc5-8b22-11d1-b4d4-000001021773}\TypeLib##Version Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773} Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}## Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\ProxyStubClsid Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\ProxyStubClsid## Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\ProxyStubClsid32 Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\ProxyStubClsid32## Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\TypeLib Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\TypeLib## Medium
BingoFun Games HKLM\software\classes\interface\{bd7e4540-8e51-11d1-b4da-000001021773}\TypeLib##Version Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f} Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}## Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\ProxyStubClsid Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\ProxyStubClsid## Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\ProxyStubClsid32 Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\ProxyStubClsid32## Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\TypeLib Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\TypeLib## Medium
BingoFun Games HKLM\software\classes\interface\{e30a4900-b80d-11d1-b0a1-5254ff00038f}\TypeLib##Version Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773} Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}## Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1 Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1## Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\0 Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\0## Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\0\win32 Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\0\win32## Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\0\win32##default Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\FLAGS Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\FLAGS## Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\HELPDIR Medium
BingoFun Games HKLM\software\classes\typelib\{154c47f3-8666-11d1-b4ce-000001021773}\1.1\HELPDIR## Medium
BingoFun Games HKLM\software\classes\ebsgame.message Medium
BingoFun Games HKLM\software\classes\ebsgame.message## Medium
BingoFun Games HKLM\software\classes\ebsgame.message\CLSID Medium
BingoFun Games HKLM\software\classes\ebsgame.message\CLSID## Medium
BingoFun Games HKLM\software\classes\ebsgame.message\CurVer Medium
BingoFun Games HKLM\software\classes\ebsgame.message\CurVer## Medium
BingoFun Games HKLM\software\classes\ebsgame.message.1 Medium
BingoFun Games HKLM\software\classes\ebsgame.message.1## Medium
BingoFun Games HKLM\software\classes\ebsgame.message.1\CLSID Medium
BingoFun Games HKLM\software\classes\ebsgame.message.1\CLSID## Medium
BingoFun Games HKLM\software\classes\ebsgame.socket Medium
BingoFun Games HKLM\software\classes\ebsgame.socket## Medium
BingoFun Games HKLM\software\classes\ebsgame.socket\CLSID Medium
BingoFun Games HKLM\software\classes\ebsgame.socket\CLSID## Medium
BingoFun Games HKLM\software\classes\ebsgame.socket\CurVer Medium
BingoFun Games HKLM\software\classes\ebsgame.socket\CurVer## Medium
BingoFun Games HKLM\software\classes\ebsgame.socket.1 Medium
BingoFun Games HKLM\software\classes\ebsgame.socket.1## Medium
BingoFun Games HKLM\software\classes\ebsgame.socket.1\CLSID Medium
BingoFun Games HKLM\software\classes\ebsgame.socket.1\CLSID## Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink## Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink\CLSID Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink\CLSID## Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink\CurVer Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink\CurVer## Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink.1 Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink.1## Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink.1\CLSID Medium
BingoFun Games HKLM\software\classes\socketsink.socketsink.1\CLSID## Medium
ClipGenie HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClipGenie Low
ClipGenie HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClipGenie## Low
ClipGenie HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClipGenie##SlowInfoCache Low
ClipGenie HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClipGenie##Changed Low
Common Components for GAIN HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Elevated
Common Components for GAIN HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll Elevated
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll Medium
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll## Medium
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll##.Owner Medium
Fastfind HKCR\E.HH Elevated
Fastfind HKCR\E.HH## Elevated
Fastfind HKCR\E.HH\Clsid Elevated
Fastfind HKCR\E.HH\Clsid## Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49} Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}## Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\ProxyStubClsid Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\ProxyStubClsid## Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\ProxyStubClsid32 Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\ProxyStubClsid32## Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\TypeLib Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\TypeLib## Elevated
Fastfind HKCR\Interface\{47D8F3A0-C511-4D91-A963-F00DDDEE4E49}\TypeLib##Version Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF} Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}## Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\ProxyStubClsid Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\ProxyStubClsid## Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\ProxyStubClsid32 Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\ProxyStubClsid32## Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\TypeLib Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\TypeLib## Elevated
Fastfind HKCR\Interface\{5A4E1627-8677-41F7-B78C-4CACDF5B12FF}\TypeLib##Version Elevated
ILookup.Begin2Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/winb2s32.dll High
ILookup.Begin2Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/winb2s32.dll## High
ILookup.Begin2Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/winb2s32.dll##.Owner High
ILookup.Begin2Search HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/winb2s32.dll##{07E9CDF4-20D2-46B1-B681-663968F527CE} High
InternetOptimizer HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer High
InternetOptimizer HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer## High
InternetOptimizer HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer##SlowInfoCache High
InternetOptimizer HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer##Changed High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc## High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##SlowInfoCache High
ISTbar HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc##Changed High
Lycos SideSearch HKLM\SOFTWARE\Lycos Medium
Lycos SideSearch HKLM\SOFTWARE\Lycos## Medium
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service## Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##Type Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##Start Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##ErrorControl Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##ImagePath Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##DisplayName Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service##ObjectName Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Security Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Security## Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Security##Security Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Enum Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Enum## Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Enum##0 Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Enum##Count Elevated
ShopNav HKLM\SYSTEM\CurrentControlSet\Services\.NET Connection Service\Enum##NextInstance Elevated
WebSearch Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow_AS2.dll Elevated
WebSearch Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow_AS2.dll## Elevated
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Info
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}## Info
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FriendlyName Info
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##CLSID Info
WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FilterData Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}## Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid## Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib## Info
WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib##Version Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}## Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid## Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib## Info
WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib##Version Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}## Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid## Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib## Info
WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib##Version Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}## Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid## Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib## Info
WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib##Version Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}## Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid## Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib## Info
WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib##Version Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}## Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid## Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib## Info
WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib##Version Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786} Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}## Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\ProxyStubClsid Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\ProxyStubClsid## Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\ProxyStubClsid32 Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\ProxyStubClsid32## Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\TypeLib Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\TypeLib## Info
WildTangent HKCR\Interface\{378FAD15-80E9-4847-89C2-3D8B1E9C1786}\TypeLib##Version Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}## Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid## Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib## Info
WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib##Version Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}## Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid## Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib## Info
WildTangent HKCR\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib##Version Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64} Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}## Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid## Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib## Info
WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##Version Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}## Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid## Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib## Info
WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##Version Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}## Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid## Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib## Info
WildTangent HKCR\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib##Version Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}## Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid## Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib## Info
WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##Version Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}## Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid## Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib## Info
WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##Version Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}## Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid## Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib## Info
WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##Version Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}## Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid## Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib## Info
WildTangent HKCR\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib##Version Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}## Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid## Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib## Info
WildTangent HKCR\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib##Version Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}## Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid## Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib## Info
WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##Version Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}## Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid## Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib## Info
WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##Version Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}## Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid## Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib## Info
WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##Version Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}## Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid## Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib## Info
WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##Version Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}## Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid## Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib## Info
WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##Version Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}## Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid## Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib## Info
WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##Version Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}## Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid## Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib## Info
WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##Version Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}## Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid## Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib## Info
WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##Version Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}## Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid## Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib## Info
WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info
WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}## Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid## Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32## Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib## Info
WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib##Version Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad} Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0 Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0 Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0\win32 Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0\win32## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0\win32##default Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\FLAGS Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\FLAGS## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\HELPDIR Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\HELPDIR## Info
WildTangent HKCR\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\HELPDIR##default Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8} Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0 Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0 Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0\win32 Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0\win32## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0\win32##default Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\FLAGS Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\FLAGS## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\HELPDIR Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\HELPDIR## Info
WildTangent HKCR\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\HELPDIR##default Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281} Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0 Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\0 Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\0## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\0\win32 Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\0\win32## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\0\win32##default Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\FLAGS Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\FLAGS## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\HELPDIR Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\HELPDIR## Info
WildTangent HKCR\TypeLib\{D0CE4DD1-7FCD-46F9-BF4E-B1C79DBB0281}\1.0\HELPDIR##default Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3} Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0 Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0 Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32 Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32##default Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR## Info
WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR##default Info
WildTangent HKCR\wdmhhost.wthoster Info
WildTangent HKCR\wdmhhost.wthoster## Info
WildTangent HKCR\wdmhhost.wthoster\CLSID Info
WildTangent HKCR\wdmhhost.wthoster\CLSID## Info
WildTangent HKCR\wdmhhost.wthoster\CurVer Info
WildTangent HKCR\wdmhhost.wthoster\CurVer## Info
WildTangent HKCR\wdmhhost.wthoster.1 Info
WildTangent HKCR\wdmhhost.wthoster.1## Info
WildTangent HKCR\wdmhhost.wthoster.1\CLSID Info
WildTangent HKCR\wdmhhost.wthoster.1\CLSID## Info
WildTangent HKCR\wt.wtmultiplayer Info
WildTangent HKCR\wt.wtmultiplayer## Info
WildTangent HKCR\wt.wtmultiplayer\CLSID Info
WildTangent HKCR\wt.wtmultiplayer\CLSID## Info
WildTangent HKCR\wt.wtmultiplayer\CurVer Info
WildTangent HKCR\wt.wtmultiplayer\CurVer## Info
WildTangent HKCR\wt.wtmultiplayer.1 Info
WildTangent HKCR\wt.wtmultiplayer.1## Info
WildTangent HKCR\wt.wtmultiplayer.1\CLSID Info
WildTangent HKCR\wt.wtmultiplayer.1\CLSID## Info
WildTangent HKCR\wt3d.wt Info
WildTangent HKCR\wt3d.wt## Info
WildTangent HKCR\wt3d.wt\CLSID Info
WildTangent HKCR\wt3d.wt\CLSID## Info
WildTangent HKCR\wt3d.wt\CurVer Info
WildTangent HKCR\wt3d.wt\CurVer## Info
WildTangent HKCR\wt3d.wt\Insertable Info
WildTangent HKCR\wt3d.wt\Insertable## Info
WildTangent HKCR\wt3d.wt.1 Info
WildTangent HKCR\wt3d.wt.1## Info
WildTangent HKCR\wt3d.wt.1\CLSID Info
WildTangent HKCR\wt3d.wt.1\CLSID## Info
WildTangent HKCR\wtvis.wtvisreceiver Info
WildTangent HKCR\wtvis.wtvisreceiver## Info
WildTangent HKCR\wtvis.wtvisreceiver\CLSID Info
WildTangent HKCR\wtvis.wtvisreceiver\CLSID## Info
WildTangent HKCR\wtvis.wtvisreceiver\CurVer Info
WildTangent HKCR\wtvis.wtvisreceiver\CurVer## Info
WildTangent HKCR\wtvis.wtvisreceiver.1 Info
WildTangent HKCR\wtvis.wtvisreceiver.1## Info
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID Info
WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID## Info
WildTangent HKCR\wtvis.wtvissender Info
WildTangent HKCR\wtvis.wtvissender## Info
WildTangent HKCR\wtvis.wtvissender\CLSID Info
WildTangent HKCR\wtvis.wtvissender\CLSID## Info
WildTangent HKCR\wtvis.wtvissender\CurVer Info
WildTangent HKCR\wtvis.wtvissender\CurVer## Info
WildTangent HKCR\wtvis.wtvissender.1 Info
WildTangent HKCR\wtvis.wtvissender.1## Info
WildTangent HKCR\wtvis.wtvissender.1\CLSID Info
WildTangent HKCR\wtvis.wtvissender.1\CLSID## Info
Xupiter HKCR\OESearch.OESearchHook\CLSID Elevated
Xupiter HKCR\OESearch.OESearchHook\CLSID## Elevated
Xupiter HKCR\OESearch.OESearchHook.1\CLSID Elevated
Xupiter HKCR\OESearch.OESearchHook.1\CLSID## Elevated
Xupiter HKLM\software\classes\OESearch.OESearchHook\CLSID Elevated
Xupiter HKLM\software\classes\OESearch.OESearchHook\CLSID## Elevated
Xupiter HKLM\software\classes\OESearch.OESearchHook.1\CLSID Elevated
Xupiter HKLM\software\classes\OESearch.OESearchHook.1\CLSID## Elevated
Xupiter HKLM\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/OELoader.dll Elevated
Xupiter HKLM\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/OELoader.dll## Elevated
Xupiter HKLM\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/OELoader.dll##.Owner Elevated
Xupiter HKLM\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/OELoader.dll##{D7B3E460-9968-4191-BD6F-BEED1BC18482} Elevated
Tracking Cookie(s) [email protected][1].txt Medium
Tracking Cookie(s) fixit@geekstogo[1].txt Medium
Tracking Cookie(s) fixit@seeq[1].txt Medium
Tracking Cookie(s) [email protected][1].txt Medium
Tracking Cookie(s) [email protected][1].txt Medium
Advertising fixit@com[2].txt Low
BingoFun Games HKCR\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83} Medium
BingoFun Games HKCR\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\InprocServer32 Medium
BingoFun Games HKCR\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\ProgID Medium
BingoFun Games HKCR\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\VersionIndependentProgID Medium
BingoFun Games HKLM\Software\Classes\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83} Medium
BingoFun Games HKLM\Software\Classes\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\InprocServer32 Medium
BingoFun Games HKLM\Software\Classes\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\ProgID Medium
BingoFun Games HKLM\Software\Classes\CLSID\{05DCC4C5-958F-11D2-8883-52544C004D83}\VersionIndependentProgID Medium
BingoFun Games HKCR\CLSID\{154C4803-8666-11D1-B4CE-000001021773} Medium
BingoFun Games HKCR\CLSID\{154C4803-8666-11D1-B4CE-000001021773}\InprocServer32 Medium
BingoFun Games HKCR\CLSID\{154C4803-8666-11D1-B4CE-000001021773}\ProgID Medium
BingoFun Games HKCR\CLSID\{154C4803-8666-11D1-B4CE-000001021773}\Programmable Medium
BingoFun Games HKCR\CLSID\{154C4803-8666-11D1-B4CE-000001021773}\VersionIndependentProgID Medium
BingoFun Games HKLM\Software\Classes\CLSID\{154C4803-8666-11D1-B4CE-000001021773} Medium
BingoFun Games HKLM\Software\Classes\CLSID\{154C4803-8666-11D1-B4CE-000001021773}\InprocServer32 Medium
BingoFun Games HKLM\Software\Classes\CLSID\{154C4803-8666-11D1-B4CE
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP