Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

web-nexus removal


  • Please log in to reply

#1
quant65

quant65

    New Member

  • Member
  • Pip
  • 6 posts
from track-voo script
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ADUserMon"="C:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"Deskup"="C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe /IMGSTART"
"noC="="c:\\windows\\mrjj.exe"
"F ma"="C:\\windows\\mrjj.exe"
"winsync"="C:\\WINDOWS\\system32\\wyoqrc.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ALZip
{4EB37360-49E8-11D3-95B5-004033382980}
C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL

Subkey --- fgkstxgt
{11d33f69-5052-4d86-bebb-c398f900b184}
C:\WINDOWS\system32\fgkqr.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

Subkey --- WinRAR



Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

DESKTOP.INI
==============================
C:\Documents and Settings\melvin\Start Menu\Programs\Startup

DESKTOP.INI
DESKTOP.INI
==============================
C:\WINDOWS\SYSTEM32 cpl files


access.cpl Microsoft Corporation
ADPanel.cpl Iomega Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
igfxcpl.cpl Intel Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
MAIN.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
NCPA.CPL Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
NWC.CPL Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
PRApplet.cpl Intel® Corporation
QTW32.CPL Apple Computer, Inc.
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
vgactl.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

from winp scan
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 11/21/2005 11:51:34 PM 89623 C:\WINDOWS\noC=.exe
66.63.167.77 12/1/2005 7:24:32 PM 3952501 C:\WINDOWS\pfirewall.log
PTech 11/21/2005 11:51:18 PM 5632 C:\WINDOWS\pi1_25.exe
UPX! 11/21/2005 11:51:22 PM 226536 C:\WINDOWS\whCC-GIANT.exe

Checking %System% folder...
PEC2 3/19/2004 4:35:10 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 10/26/2004 4:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 4:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 7/12/2005 5:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 11/1/2005 11:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/1/2005 11:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/19/2004 4:44:18 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/1/2005 7:26:58 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
11/28/2005 10:16:48 PM H 54156 C:\WINDOWS\QTFont.qfn
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 7:17:40 PM S 21737 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
12/1/2005 7:26:48 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
12/1/2005 7:27:34 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
12/1/2005 7:27:02 PM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
12/1/2005 7:30:20 PM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
12/1/2005 7:27:12 PM H 1118208 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
11/10/2005 7:22:16 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
12/1/2005 7:25:50 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Iomega Corporation 9/24/2002 3:44:10 PM 151552 C:\WINDOWS\SYSTEM32\ADPanel.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 9:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/19/2003 4:48:12 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/19/2004 4:38:44 PM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/19/2004 4:40:24 PM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 3/19/2004 4:41:00 PM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 3/2/2004 10:39:06 AM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 1/6/2004 4:02:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/19/2004 4:43:36 PM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
11/30/2005 5:36:16 PM 87552 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 10:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/20/2004 11:58:38 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
12/1/2005 6:10:48 PM 227840 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xpqw.exe

Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/20/2004 11:50:30 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
3/20/2004 11:58:38 AM HS 84 C:\Documents and Settings\melvin\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
3/20/2004 11:50:30 AM HS 62 C:\Documents and Settings\melvin\Application Data\DESKTOP.INI

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ALZip
{4EB37360-49E8-11D3-95B5-004033382980} = C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fgkstxgt
{11d33f69-5052-4d86-bebb-c398f900b184} = C:\WINDOWS\system32\fgkqr.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ALZip
{4EB37360-49E8-11D3-95B5-004033382980} = C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ALZip
{4EB37360-49E8-11D3-95B5-004033382980} = C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
= C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com : C:\Program Files\PartyPoker\PartyPoker.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ADUserMon C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Deskup C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
noC= c:\windows\mrjj.exe
F ma C:\windows\mrjj.exe
winsync C:\WINDOWS\system32\wyoqrc.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\billmind.exe -startup
item Billminder
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup C:\WINDOWS\pss\Billminder.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\billmind.exe -startup
item Billminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Carlin Financial Group Carlin Equities VPN Client.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Carlin Financial Group Carlin Equities VPN Client.lnk
backup C:\WINDOWS\pss\Carlin Financial Group Carlin Equities VPN Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\CARLIN~2\VPNCLI~1\vpngui.exe "-user_logon"
item Carlin Financial Group Carlin Equities VPN Client
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Carlin Financial Group Carlin Equities VPN Client.lnk
backup C:\WINDOWS\pss\Carlin Financial Group Carlin Equities VPN Client.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\CARLIN~2\VPNCLI~1\vpngui.exe "-user_logon"
item Carlin Financial Group Carlin Equities VPN Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\bagent.exe
item Quicken Scheduled Updates
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\bagent.exe
item Quicken Scheduled Updates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\QWDLLS.EXE
item Quicken Startup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Quicken\QWDLLS.EXE
item Quicken Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataLayer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DataLayer
hkey HKLM
command C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DataLayer
hkey HKLM
command C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dla
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVDLauncher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DVDLauncher
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DVDLauncher
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MimBoot
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mimboot
hkey HKLM
command C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mimboot
hkey HKLM
command C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCMService
hkey HKLM
command "C:\Program Files\Dell\Media Experience\PCMService.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCMService
hkey HKLM
command "C:\Program Files\Dell\Media Experience\PCMService.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSuiteTrayApplication
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LaunchApplication
hkey HKLM
command C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LaunchApplication
hkey HKLM
command C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PcSync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PcSync2
hkey HKCU
command C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PcSync2
hkey HKCU
command C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/1/2005 7:35:35 PM

--
what now ?????
--
  • 0

Advertisements


#2
quant65

quant65

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
please close this
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP