If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Vundo Infection [CLOSED] [RESOLVED]
Started by
Rachel Chipman
, Feb 05 2008 10:14 AM
#16
Posted 12 March 2008 - 05:58 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#17
Posted 13 March 2008 - 03:23 PM
Post the logs please
#18
Posted 13 March 2008 - 03:58 PM
Thank you for your patience.
DrvIconQuery Log:
Report
03/13/2008 17:54:11.76
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
IconUnderline REG_NONE 03000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarSizeMove REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Type REG_SZ group
Text REG_SZ @shell32.dll,-30498
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51140
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30506
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ClassicViewState
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51076
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
Text REG_SZ @shell32.dll,-30497
Type REG_SZ checkbox
ValueName REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x1
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51150
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30507
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ SeparateProcess
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51079
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30517
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ DisableThumbnailCache
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51155
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30514
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FolderContentsInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30511
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FriendlyTree
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51149
DefaultValue REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text REG_SZ @shell32.dll,-30499
Type REG_SZ group
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51131
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30501
Type REG_SZ radio
CheckedValue REG_DWORD 0x2
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30500
Type REG_SZ radio
CheckedValue REG_DWORD 0x1
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30503
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ HideFileExt
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30509
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ NoNetCrawling
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51147
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30513
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ PersistBrowsers
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51152
DefaultValue REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30512
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowCompColor
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51130
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30504
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPath
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30505
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPathAddress
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51107
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30502
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51102
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30508
WarningIfNotDefault REG_SZ @shell32.dll,-28964
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowSuperHidden
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30510
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ WebViewBarricade
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51148
DefaultValue REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\15
RegisteredApp REG_SZ Mail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\16
Association REG_SZ .cda
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17
ShellExecute REG_SZ ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\18
ShellExecute REG_SZ calc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\7
Association REG_SZ http
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
XMLLookup REG_SZ http://shell.windows...ass...x&Ext=%s
Application REG_SZ http://shell.windows...edir.asp?Ext=%s
intl REG_SZ http://shell.windows...ass...x&Ext=%s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
2AF30D99-133E-421F-895A-150C432F46AC REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files
*setup*.exe REG_SZ
*instal*.exe REG_SZ
*setup*.bat REG_SZ
*instal*.bat REG_SZ
*setup*.cmd REG_SZ
*instal*.cmd REG_SZ
*setup*.com REG_SZ
*instal*.com REG_SZ
Y?kle* REG_SZ
Felrak.exe REG_SZ
Imposta.exe REG_SZ
KUR.exe REG_SZ
Ayarla.exe REG_SZ
sfc2.ico REG_SZ
evanims REG_SZ
00000001.tmp REG_SZ
updmoney.exe REG_SZ
hs\media\y\11399\11399_cd_fp.jpg REG_SZ
hs\media\y\9953\9953_cd_fp.jpg REG_SZ
hs\media\y\9951\9951_cd_fp.jpg REG_SZ
hs\media\y\9964\9964_cd_fp.jpg REG_SZ
hs\media\y\9968\9968_cd_fp.jpg REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-225
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\FriendlyName
Content REG_SZ music files
IconLabel REG_SZ Music files (WMA/MP3)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler
DefaultIcon REG_EXPAND_SZ shimgvw.dll,3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\DeviceArrival
ShowPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\MediaArrival
ShowPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\FriendlyName
Content REG_SZ picture files
IconLabel REG_SZ Pictures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\FriendlyName
Content REG_SZ video files
IconLabel REG_SZ Video
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer
ContentTypeHandler REG_SZ MusicFilesContentHandler
RelPattern REG_MULTI_SZ *.wma\0HIFI\*\*.wma\0*.mp3\0HIFI\*\*.mp3\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer
ContentTypeHandler REG_SZ PicturesContentHandler
RelPattern REG_MULTI_SZ *.bmp\0DCIM\*\*.bmp\0*.jpg\0DCIM\*\*.jpg\0*.gif\0DCIM\*\*.gif\0DC*\*.jpg\0*.tif\0MSSONY\*\*.tif\0IM*\*.jpg\0CAMERA01\*.jpg\0DC*\BR*\*.jpg\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer
ContentTypeHandler REG_SZ VideoFilesContentHandler
RelPattern REG_MULTI_SZ *.mpg\0VIDEO\*.mpg\0*.mpeg\0VIDEO\*.mpeg\0*.asf\0VIDEO\*.asf\0MSSONY\*\*.mpg\0MSSONY\*\*.mpeg\0*.wmv\0VIDEO\*.wmv\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}
DeviceHandlers REG_SZ VideoCameraDeviceHandler
Label REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61827
Icons REG_MULTI_SZ C:\WINDOWS\System32\shell32.dll,-317\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Camera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-309\0\0
Label REG_SZ Digital Camera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CellPhone
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-310\0\0
Label REG_SZ Cell Phone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CFStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-303\0\0
Label REG_SZ CompactFlash Reader/Writer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ClikDrive
Label REG_SZ Clik! Drive
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\FaxDevice
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-196\0\0
Label REG_SZ Fax Machine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ImageMate
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
NoMediaIcons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
Label REG_SZ ImageMate
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\JazDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-312\0\0
Label REG_SZ Jaz Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-305\0\0
Label REG_SZ Memory Stick
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick-MG
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-233\0\0
Label REG_SZ Memory Stick - MG
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\OpticalDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-301\0\0
Label REG_SZ Optical Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PCMCIAStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-306\0\0
Label REG_SZ PCMCIA Storage Device
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PocketPC
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-314\0\0
Label REG_SZ Pocket PC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PortableAudioPlayer
Label REG_SZ Portable Audio Player
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-299\0\0
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Printer
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-17\0\0
Label REG_SZ Printer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Scanner
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-315\0\0
Label REG_SZ Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\SMStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-308\0\0
Label REG_SZ SmartMedia Reader/Writer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\TapeDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-300\0\0
Label REG_SZ Tape Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\VideoCamera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-317\0\0
Label REG_SZ Digital Video Camera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive100
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive250
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 250
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\ContentTypes
MusicFilesContentSniffer REG_SZ
PicturesContentSniffer REG_SZ
VideoFilesContentSniffer REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival
GenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival
GenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers\DeviceArrival
VideoCameraArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\AutorunINFLegacyArrival
MSOpenFolder REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\GenericVolumeArrival
MSGenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival
MSCDBurningOnArrival REG_SZ
MMJBAutoplayBURNERPLUS REG_SZ
MSWMPBurnCDOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
MSOpenFolder REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival
MSPlayCDAudioOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayCDAudioOnArrival REG_SZ
MMJBPlayCDAudioOnArrival REG_SZ
MSRipCDAudioOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival
MSPlayDVDMovieOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayDVDMovieOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
MMJBPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
MSWiaEventHandler REG_SZ
MSShowPicturesOnArrival REG_SZ
MSPrintPicturesOnArrival REG_SZ
MSOpenFolder REG_SZ
Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\VideoCameraArrival
MSVideoCameraArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler
Action REG_SZ View pictures on removable media
DefaultIcon REG_SZ C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe,0
InvokeProgID REG_SZ JascPaintShopPhotoAlbumAlbum
InvokeVerb REG_SZ OpenPCCard
Provider REG_SZ Jasc Paint Shop Photo Album
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBAutoplayBURNERPLUS
Action REG_SZ Burn CD
Provider REG_SZ MUSICMATCH Burner Plus
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe, 0
InvokeProgID REG_SZ MMJB.BURN
InvokeVerb REG_SZ Burn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayCDAudioOnArrival
Action REG_SZ Play Audio CD
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.AUDIOCD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayMediaOnArrival
Action REG_SZ Play
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.MMJB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSCDBurningOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17169
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17170
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSOpenFolder
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17154
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17155
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6503
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.AudioCD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival
Action REG_SZ @wmploc.dll,-6504
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.DVD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayMediaOnArrival
Action REG_SZ @wmploc.dll,-1800
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.PlayMedia
InvokeVerb REG_SZ play
DefaultIcon REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPrintPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-17
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17158
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17159
InvokeProgID REG_SZ Applications\shimgvw.dll
InvokeVerb REG_SZ print
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTime
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTimeNoContent
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time - No Content
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTimeNoContent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6506
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.RipCD
InvokeVerb REG_SZ Rip
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSShowPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-249
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17156
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17157
InvokeProgID REG_SZ Shell.AutoplayForSlideShow.1
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSTakeNoAction
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-338
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17168
Provider REG_SZ <TakeNoAction>
ProgID REG_SZ Shell.AutoplaySpecial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSVideoCameraArrival
InitCmdLine REG_SZ "C:\Program Files\Movie Maker\moviemk.exe" /RECORD
ProgID REG_SZ Shell.HWEventHandlerShellExecute
DefaultIcon REG_SZ C:\Program Files\Movie Maker\moviemk.exe,0
CLSIDForCancel REG_SZ {AB007EC8-E2D4-4664-ACD9-1D059681F3DE}
Action REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61826
Provider REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61424
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWiaEventHandler
ProgID REG_SZ WiaDevMgr
Action REG_SZ @%systemroot%\System32\wiaacmgr.exe,-276
Provider REG_SZ @%systemroot%\System32\wiaacmgr.exe,-101
DefaultIcon REG_EXPAND_SZ %systemroot%\System32\wiaacmgr.exe,-2
InvokeProgID REG_SZ WIA.AutoplayDropHandler.1
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler
Action REG_SZ Transfer Files
CLSIDForCancel REG_SZ {91778246-9BE4-4713-A651-E833B853CC30}
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
InitCmdLine REG_EXPAND_SZ "%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:3 /task:PortableDevice
ProgID REG_SZ Shell.HWEventHandlerShellExecute
Provider REG_SZ @wmploc.dll,-6502
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival
Action REG_SZ @wmploc.dll,-6505
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.BurnCD
InvokeVerb REG_SZ Burn
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\OlyCamediaAutoplay1
Action REG_SZ Launch CAMEDIA Master
Provider REG_SZ OLYMPUS CAMEDIA Master
DefaultIcon REG_SZ C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\AutoPlay.dll,0
InvokeProgID REG_SZ OLY.Autoplay1
InvokeVerb REG_SZ Play
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayCDAudioOnArrival
Action REG_SZ Play audio CD
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ AudioCD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayDVDMovieOnArrival
Action REG_SZ Play DVD video
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ DVD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Picasa2ImportPicturesOnArrival
Action REG_SZ Copy pictures to your computer and view them
DefaultIcon REG_SZ C:\Program Files\Picasa2\Picasa2.exe
InvokeProgID REG_SZ picasa2.autoplay
InvokeVerb REG_SZ import
Provider REG_SZ Picasa2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
UseGlobalSettings REG_DWORD 0x1
Percent REG_DWORD 0xa
NukeOnDelete REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c
VolumeSerialNumber REG_DWORD 0x4687547
IsUnicode REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
BrowseNewProcess REG_SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
<NO NAME> REG_SZ McAntiPhishingBHO
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
<NO NAME> REG_SZ scriptproxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers
<NO NAME> REG_SZ {8dd448e6-c188-4aed-af92-44956194eb1f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers\{8dd448e6-c188-4aed-af92-44956194eb1f}
verb REG_SZ WMPBurnAsAudioCD
SupportedFileTypes REG_SZ *.WMA;*.MP3;*.WAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\ExcludedFS
UDF REG_SZ
CDUDF REG_SZ
CDUDFRW REG_SZ
UDFREADR REG_SZ
UDF1.50 REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\Flags
desk.cpl REG_DWORD 0x1
access.cpl REG_DWORD 0x1
hdwwiz.cpl REG_DWORD 0x1
keymgr.cpl REG_DWORD 0x1
inetcpl.cpl REG_DWORD 0x1
joy.cpl REG_DWORD 0x1
main.cpl REG_DWORD 0x1
intl.cpl REG_DWORD 0x1
mmsys.cpl REG_DWORD 0x1
sapi.cpl REG_DWORD 0x1
sysdm.cpl REG_DWORD 0x1
telephon.cpl REG_DWORD 0x1
timedate.cpl REG_DWORD 0x1
powercfg.cpl REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Accessibility_Options
IconIndex REG_DWORD 0x6e
Info REG_SZ Customizes accessibility features for your computer.
Module REG_EXPAND_SZ %SystemRoot%\system32\access.cpl
Name REG_SZ Accessibility Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Add-Remove_Programs
IconIndex REG_DWORD 0x5dc
Info REG_SZ Installs and removes programs and Windows components.
Module REG_EXPAND_SZ %SystemRoot%\system32\appwiz.cpl
Name REG_SZ Add/Remove Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Date-Time
IconIndex REG_DWORD 0xc8
Info REG_SZ Changes date, time, and time-zone information.
Module REG_EXPAND_SZ %SystemRoot%\system32\timedate.cpl
Name REG_SZ Date/Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Dialing_Options
IconIndex REG_DWORD 0x64
Info REG_SZ Configures telephone dialing rules for your location.
Module REG_EXPAND_SZ %SystemRoot%\system32\telephon.cpl
Name REG_SZ Dialing Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Display_Properties
IconIndex REG_DWORD 0x64
Info REG_SZ Customizes your desktop display and screen saver.
Module REG_EXPAND_SZ %SystemRoot%\system32\desk.cpl
Name REG_SZ Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Internet_Options
IconIndex REG_DWORD 0x1187
Info REG_SZ Configures your Internet display and connections settings.
Module REG_EXPAND_SZ %SystemRoot%\system32\inetcpl.cpl
Name REG_SZ Internet Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Printers
IconIndex REG_DWORD 0x12c
Info REG_SZ Adds, removes and changes settings for printers.
Module REG_EXPAND_SZ %SystemRoot%\system32\main.cpl
Name REG_SZ Printers and Faxes
<NO NAME> REG_SZ {2227A280-3AEA-1069-A2DE-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
<NO NAME> REG_SZ Taskbar and Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
<NO NAME> REG_SZ Folder Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
<NO NAME> REG_SZ Network Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524152}
<NO NAME> REG_SZ Fonts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
<NO NAME> REG_SZ Administrative Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
<NO NAME> REG_SZ Scheduled Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}
<NO NAME> REG_SZ Computer Search Results Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
<NO NAME> REG_SZ
Removal Message REG_SZ @mydocs.dll,-900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
<NO NAME> REG_SZ Recycle Bin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
<NO NAME> REG_SZ Search Results Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths
Owner REG_SZ C:\Documents and Settings\Owner\My Documents
Rwchipman REG_SZ C:\Documents and Settings\Rwchipman\My Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon
<NO NAME> REG_SZ %SystemRoot%\system32\shell32.dll,131
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
KillList REG_SZ %1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rund
ll32.exe;taskman.exe;bck32api.dll;
CutList REG_MULTI_SZ Application File\0MFC Application\0\0
AddRemoveApps REG_SZ SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;RUNDLL32.
EXE;MSOOBE.EXE;LNKSTUB.EXE
AddRemoveNames REG_SZ Documentation;Help;Install;More Info;Readme;Read me;Read First;Setup;Support;What's New;Remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\ShellFindInDirectory
<NO NAME> REG_SZ {F020E586-5264-11d1-A532-0000F8757D7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu
<NO NAME> REG_SZ {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0
<NO NAME> REG_SZ using &QuickFinder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0\DefaultIcon
<NO NAME> REG_SZ c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0
<NO NAME> REG_SZ For &Files or Folders...
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23232
RunInProcess REG_SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-134
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-50
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-51
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\HelpText
<NO NAME> REG_SZ Search for files or folders
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23296
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1
<NO NAME> REG_SZ For &Computers
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23233
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-52
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-53
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\HelpText
<NO NAME> REG_SZ Search for computers on the network
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23297
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID
<NO NAME> REG_SZ {996E1EB1-B524-11d1-9120-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{1f4de370-d627-11d1-ba4f-00a0c91eedba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2
<NO NAME> REG_SZ For &Printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23234
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\HelpText
<NO NAME> REG_SZ Search for a printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23298
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\SearchGUID
<NO NAME> REG_SZ {D515F311-B78B-11d1-9123-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind
<NO NAME> REG_SZ {32714800-2E5F-11d0-8B85-00AA0044F941}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0
<NO NAME> REG_SZ For &People...
LocalizedString REG_SZ @C:\Program Files\Common Files\System\wab32res.dll,-1646
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0\DefaultIcon
<NO NAME> REG_SZ C:\Program Files\Outlook Express\wabfind.dll, 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch
<NO NAME> REG_SZ {07798131-AF23-11d1-9111-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0
<NO NAME> REG_SZ On the &Internet...
LocalizedString REG_SZ @browselc.dll,-13060
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\shdocvw.dll,-111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\HelpText
<NO NAME> REG_SZ Search the web
LocalizedString REG_SZ @browselc.dll,-13061
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu
{871C5380-42A0-1069-A2EA-08002B30309D}.default REG_SZ 0
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
{20D04FE0-3AEA-1069-A2D8-08002B30309D} REG_DWORD 0x1
{450D8FBA-AD25-11D0-98A8-0800361B1103} REG_DWORD 0x1
{208D2C60-3AEA-1069-A2D7-08002B30309D} REG_DWORD 0x1
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
{21EC2020-3AEA-1069-A2DD-08002B30309D} REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\cleanmgr.exe /D %c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
<NO NAME> REG_EXPAND_SZ %systemroot%\system32\dfrg.msc %c:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\Controls
<NO NAME> REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler
CLSID REG_SZ {72b3882f-453a-4633-aac9-8c3dced62aff}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders\{9DB7A13C-F208-4981-8353-73CC61AE2783}
<NO NAME>
DrvIconQuery Log:
Report
03/13/2008 17:54:11.76
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
IconUnderline REG_NONE 03000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarSizeMove REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Type REG_SZ group
Text REG_SZ @shell32.dll,-30498
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51140
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30506
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ClassicViewState
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51076
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
Text REG_SZ @shell32.dll,-30497
Type REG_SZ checkbox
ValueName REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x1
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51150
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30507
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ SeparateProcess
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51079
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30517
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ DisableThumbnailCache
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51155
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30514
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FolderContentsInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30511
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FriendlyTree
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51149
DefaultValue REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text REG_SZ @shell32.dll,-30499
Type REG_SZ group
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51131
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30501
Type REG_SZ radio
CheckedValue REG_DWORD 0x2
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30500
Type REG_SZ radio
CheckedValue REG_DWORD 0x1
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30503
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ HideFileExt
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30509
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ NoNetCrawling
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51147
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30513
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ PersistBrowsers
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51152
DefaultValue REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30512
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowCompColor
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51130
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30504
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPath
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30505
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPathAddress
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51107
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30502
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51102
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30508
WarningIfNotDefault REG_SZ @shell32.dll,-28964
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowSuperHidden
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30510
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ WebViewBarricade
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51148
DefaultValue REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\15
RegisteredApp REG_SZ Mail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\16
Association REG_SZ .cda
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17
ShellExecute REG_SZ ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\18
ShellExecute REG_SZ calc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\7
Association REG_SZ http
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations
XMLLookup REG_SZ http://shell.windows...ass...x&Ext=%s
Application REG_SZ http://shell.windows...edir.asp?Ext=%s
intl REG_SZ http://shell.windows...ass...x&Ext=%s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
2AF30D99-133E-421F-895A-150C432F46AC REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files
*setup*.exe REG_SZ
*instal*.exe REG_SZ
*setup*.bat REG_SZ
*instal*.bat REG_SZ
*setup*.cmd REG_SZ
*instal*.cmd REG_SZ
*setup*.com REG_SZ
*instal*.com REG_SZ
Y?kle* REG_SZ
Felrak.exe REG_SZ
Imposta.exe REG_SZ
KUR.exe REG_SZ
Ayarla.exe REG_SZ
sfc2.ico REG_SZ
evanims REG_SZ
00000001.tmp REG_SZ
updmoney.exe REG_SZ
hs\media\y\11399\11399_cd_fp.jpg REG_SZ
hs\media\y\9953\9953_cd_fp.jpg REG_SZ
hs\media\y\9951\9951_cd_fp.jpg REG_SZ
hs\media\y\9964\9964_cd_fp.jpg REG_SZ
hs\media\y\9968\9968_cd_fp.jpg REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-225
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\FriendlyName
Content REG_SZ music files
IconLabel REG_SZ Music files (WMA/MP3)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler
DefaultIcon REG_EXPAND_SZ shimgvw.dll,3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\DeviceArrival
ShowPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\EventHandlers\MediaArrival
ShowPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\FriendlyName
Content REG_SZ picture files
IconLabel REG_SZ Pictures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\FriendlyName
Content REG_SZ video files
IconLabel REG_SZ Video
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer
ContentTypeHandler REG_SZ MusicFilesContentHandler
RelPattern REG_MULTI_SZ *.wma\0HIFI\*\*.wma\0*.mp3\0HIFI\*\*.mp3\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer
ContentTypeHandler REG_SZ PicturesContentHandler
RelPattern REG_MULTI_SZ *.bmp\0DCIM\*\*.bmp\0*.jpg\0DCIM\*\*.jpg\0*.gif\0DCIM\*\*.gif\0DC*\*.jpg\0*.tif\0MSSONY\*\*.tif\0IM*\*.jpg\0CAMERA01\*.jpg\0DC*\BR*\*.jpg\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer
ContentTypeHandler REG_SZ VideoFilesContentHandler
RelPattern REG_MULTI_SZ *.mpg\0VIDEO\*.mpg\0*.mpeg\0VIDEO\*.mpeg\0*.asf\0VIDEO\*.asf\0MSSONY\*\*.mpg\0MSSONY\*\*.mpeg\0*.wmv\0VIDEO\*.wmv\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}
DeviceHandlers REG_SZ VideoCameraDeviceHandler
Label REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61827
Icons REG_MULTI_SZ C:\WINDOWS\System32\shell32.dll,-317\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Camera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-309\0\0
Label REG_SZ Digital Camera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CellPhone
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-310\0\0
Label REG_SZ Cell Phone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\CFStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-303\0\0
Label REG_SZ CompactFlash Reader/Writer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ClikDrive
Label REG_SZ Clik! Drive
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\FaxDevice
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-196\0\0
Label REG_SZ Fax Machine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ImageMate
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
NoMediaIcons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-229\0\0
Label REG_SZ ImageMate
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\JazDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-312\0\0
Label REG_SZ Jaz Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-305\0\0
Label REG_SZ Memory Stick
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\MemoryStick-MG
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-233\0\0
Label REG_SZ Memory Stick - MG
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\OpticalDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-301\0\0
Label REG_SZ Optical Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PCMCIAStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-306\0\0
Label REG_SZ PCMCIA Storage Device
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PocketPC
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-314\0\0
Label REG_SZ Pocket PC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\PortableAudioPlayer
Label REG_SZ Portable Audio Player
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-299\0\0
NoSoftEject REG_SZ 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Printer
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-17\0\0
Label REG_SZ Printer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\Scanner
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-315\0\0
Label REG_SZ Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\SMStorage
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-308\0\0
Label REG_SZ SmartMedia Reader/Writer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\TapeDrive
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-300\0\0
Label REG_SZ Tape Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\VideoCamera
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-317\0\0
Label REG_SZ Digital Video Camera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive100
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceGroups\ZipDrive250
Icons REG_MULTI_SZ %SystemRoot%\system32\shell32.dll,-230\0\0
Label REG_SZ Zip Drive 250
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\ContentTypes
MusicFilesContentSniffer REG_SZ
PicturesContentSniffer REG_SZ
VideoFilesContentSniffer REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\DeviceArrival
GenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\EventHandlers\MediaArrival
GenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\EventHandlers\DeviceArrival
VideoCameraArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\AutorunINFLegacyArrival
MSOpenFolder REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\GenericVolumeArrival
MSGenericVolumeArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival
MSCDBurningOnArrival REG_SZ
MMJBAutoplayBURNERPLUS REG_SZ
MSWMPBurnCDOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
MSOpenFolder REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival
MSPlayCDAudioOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayCDAudioOnArrival REG_SZ
MMJBPlayCDAudioOnArrival REG_SZ
MSRipCDAudioOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival
MSPlayDVDMovieOnArrival REG_SZ
MSOpenFolder REG_SZ
PCinemaPlayDVDMovieOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
MMJBPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
MSOpenFolder REG_SZ
MSPlayMediaOnArrival REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
MSWiaEventHandler REG_SZ
MSShowPicturesOnArrival REG_SZ
MSPrintPicturesOnArrival REG_SZ
MSOpenFolder REG_SZ
Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler REG_SZ
OlyCamediaAutoplay1 REG_SZ
Picasa2ImportPicturesOnArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\VideoCameraArrival
MSVideoCameraArrival REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Jasc Paint Shop Photo AlbumShowPicturesOnArrivalHandler
Action REG_SZ View pictures on removable media
DefaultIcon REG_SZ C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe,0
InvokeProgID REG_SZ JascPaintShopPhotoAlbumAlbum
InvokeVerb REG_SZ OpenPCCard
Provider REG_SZ Jasc Paint Shop Photo Album
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBAutoplayBURNERPLUS
Action REG_SZ Burn CD
Provider REG_SZ MUSICMATCH Burner Plus
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe, 0
InvokeProgID REG_SZ MMJB.BURN
InvokeVerb REG_SZ Burn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayCDAudioOnArrival
Action REG_SZ Play Audio CD
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.AUDIOCD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MMJBPlayMediaOnArrival
Action REG_SZ Play
DefaultIcon REG_SZ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe,0
InvokeVerb REG_SZ Play
Provider REG_SZ MUSICMATCH Jukebox
InvokeProgID REG_SZ MMJB.MMJB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSCDBurningOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17169
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17170
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSOpenFolder
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-5
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17154
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17155
InvokeProgID REG_SZ Folder
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6503
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.AudioCD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival
Action REG_SZ @wmploc.dll,-6504
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.DVD
InvokeVerb REG_SZ play
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayMediaOnArrival
Action REG_SZ @wmploc.dll,-1800
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.PlayMedia
InvokeVerb REG_SZ play
DefaultIcon REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPrintPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-17
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17158
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17159
InvokeProgID REG_SZ Applications\shimgvw.dll
InvokeVerb REG_SZ print
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTime
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTimeNoContent
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-3
Action REG_SZ Prompt each time - No Content
Provider REG_SZ Windows Explorer
ProgID REG_SZ Shell.Autoplay
InitCmdLine REG_SZ PromptEachTimeNoContent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival
Action REG_SZ @wmploc.dll,-6506
Provider REG_SZ @wmploc.dll,-6502
InvokeProgID REG_SZ WMP.RipCD
InvokeVerb REG_SZ Rip
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSShowPicturesOnArrival
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-249
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17156
Provider REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17157
InvokeProgID REG_SZ Shell.AutoplayForSlideShow.1
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSTakeNoAction
DefaultIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-338
Action REG_SZ @%SystemRoot%\system32\SHELL32.dll,-17168
Provider REG_SZ <TakeNoAction>
ProgID REG_SZ Shell.AutoplaySpecial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSVideoCameraArrival
InitCmdLine REG_SZ "C:\Program Files\Movie Maker\moviemk.exe" /RECORD
ProgID REG_SZ Shell.HWEventHandlerShellExecute
DefaultIcon REG_SZ C:\Program Files\Movie Maker\moviemk.exe,0
CLSIDForCancel REG_SZ {AB007EC8-E2D4-4664-ACD9-1D059681F3DE}
Action REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61826
Provider REG_SZ @C:\Program Files\Movie Maker\wmmres.dll,-61424
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWiaEventHandler
ProgID REG_SZ WiaDevMgr
Action REG_SZ @%systemroot%\System32\wiaacmgr.exe,-276
Provider REG_SZ @%systemroot%\System32\wiaacmgr.exe,-101
DefaultIcon REG_EXPAND_SZ %systemroot%\System32\wiaacmgr.exe,-2
InvokeProgID REG_SZ WIA.AutoplayDropHandler.1
InvokeVerb REG_SZ open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler
Action REG_SZ Transfer Files
CLSIDForCancel REG_SZ {91778246-9BE4-4713-A651-E833B853CC30}
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
InitCmdLine REG_EXPAND_SZ "%ProgramFiles%\Windows Media Player\wmplayer.exe" /prefetch:3 /task:PortableDevice
ProgID REG_SZ Shell.HWEventHandlerShellExecute
Provider REG_SZ @wmploc.dll,-6502
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival
Action REG_SZ @wmploc.dll,-6505
Provider REG_SZ @wmploc.dll,-6502
InvokeProgid REG_SZ WMP.BurnCD
InvokeVerb REG_SZ Burn
DefaultIcon REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\OlyCamediaAutoplay1
Action REG_SZ Launch CAMEDIA Master
Provider REG_SZ OLYMPUS CAMEDIA Master
DefaultIcon REG_SZ C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\AutoPlay.dll,0
InvokeProgID REG_SZ OLY.Autoplay1
InvokeVerb REG_SZ Play
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayCDAudioOnArrival
Action REG_SZ Play audio CD
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ AudioCD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\PCinemaPlayDVDMovieOnArrival
Action REG_SZ Play DVD video
DefaultIcon REG_SZ C:\Program Files\Dell\Media Experience\PCM2.exe,0
InvokeProgID REG_SZ DVD
InvokeVerb REG_SZ PlayWithPowerCinema
Provider REG_SZ Media Experience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Picasa2ImportPicturesOnArrival
Action REG_SZ Copy pictures to your computer and view them
DefaultIcon REG_SZ C:\Program Files\Picasa2\Picasa2.exe
InvokeProgID REG_SZ picasa2.autoplay
InvokeVerb REG_SZ import
Provider REG_SZ Picasa2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
UseGlobalSettings REG_DWORD 0x1
Percent REG_DWORD 0xa
NukeOnDelete REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c
VolumeSerialNumber REG_DWORD 0x4687547
IsUnicode REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
BrowseNewProcess REG_SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
<NO NAME> REG_SZ McAntiPhishingBHO
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
<NO NAME> REG_SZ scriptproxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
NoExplorer REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers
<NO NAME> REG_SZ {8dd448e6-c188-4aed-af92-44956194eb1f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\AudioBurnHandlers\{8dd448e6-c188-4aed-af92-44956194eb1f}
verb REG_SZ WMPBurnAsAudioCD
SupportedFileTypes REG_SZ *.WMA;*.MP3;*.WAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\ExcludedFS
UDF REG_SZ
CDUDF REG_SZ
CDUDFRW REG_SZ
UDFREADR REG_SZ
UDF1.50 REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\Flags
desk.cpl REG_DWORD 0x1
access.cpl REG_DWORD 0x1
hdwwiz.cpl REG_DWORD 0x1
keymgr.cpl REG_DWORD 0x1
inetcpl.cpl REG_DWORD 0x1
joy.cpl REG_DWORD 0x1
main.cpl REG_DWORD 0x1
intl.cpl REG_DWORD 0x1
mmsys.cpl REG_DWORD 0x1
sapi.cpl REG_DWORD 0x1
sysdm.cpl REG_DWORD 0x1
telephon.cpl REG_DWORD 0x1
timedate.cpl REG_DWORD 0x1
powercfg.cpl REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Accessibility_Options
IconIndex REG_DWORD 0x6e
Info REG_SZ Customizes accessibility features for your computer.
Module REG_EXPAND_SZ %SystemRoot%\system32\access.cpl
Name REG_SZ Accessibility Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Add-Remove_Programs
IconIndex REG_DWORD 0x5dc
Info REG_SZ Installs and removes programs and Windows components.
Module REG_EXPAND_SZ %SystemRoot%\system32\appwiz.cpl
Name REG_SZ Add/Remove Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Date-Time
IconIndex REG_DWORD 0xc8
Info REG_SZ Changes date, time, and time-zone information.
Module REG_EXPAND_SZ %SystemRoot%\system32\timedate.cpl
Name REG_SZ Date/Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Dialing_Options
IconIndex REG_DWORD 0x64
Info REG_SZ Configures telephone dialing rules for your location.
Module REG_EXPAND_SZ %SystemRoot%\system32\telephon.cpl
Name REG_SZ Dialing Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Display_Properties
IconIndex REG_DWORD 0x64
Info REG_SZ Customizes your desktop display and screen saver.
Module REG_EXPAND_SZ %SystemRoot%\system32\desk.cpl
Name REG_SZ Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Internet_Options
IconIndex REG_DWORD 0x1187
Info REG_SZ Configures your Internet display and connections settings.
Module REG_EXPAND_SZ %SystemRoot%\system32\inetcpl.cpl
Name REG_SZ Internet Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\Printers
IconIndex REG_DWORD 0x12c
Info REG_SZ Adds, removes and changes settings for printers.
Module REG_EXPAND_SZ %SystemRoot%\system32\main.cpl
Name REG_SZ Printers and Faxes
<NO NAME> REG_SZ {2227A280-3AEA-1069-A2DE-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
<NO NAME> REG_SZ Taskbar and Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
<NO NAME> REG_SZ Folder Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
<NO NAME> REG_SZ Network Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524152}
<NO NAME> REG_SZ Fonts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
<NO NAME> REG_SZ Administrative Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
<NO NAME> REG_SZ Scheduled Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}
<NO NAME> REG_SZ Computer Search Results Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
<NO NAME> REG_SZ
Removal Message REG_SZ @mydocs.dll,-900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
<NO NAME> REG_SZ Recycle Bin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
<NO NAME> REG_SZ Search Results Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths
Owner REG_SZ C:\Documents and Settings\Owner\My Documents
Rwchipman REG_SZ C:\Documents and Settings\Rwchipman\My Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon
<NO NAME> REG_SZ %SystemRoot%\system32\shell32.dll,131
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
KillList REG_SZ %1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rund
ll32.exe;taskman.exe;bck32api.dll;
CutList REG_MULTI_SZ Application File\0MFC Application\0\0
AddRemoveApps REG_SZ SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;RUNDLL32.
EXE;MSOOBE.EXE;LNKSTUB.EXE
AddRemoveNames REG_SZ Documentation;Help;Install;More Info;Readme;Read me;Read First;Setup;Support;What's New;Remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\ShellFindInDirectory
<NO NAME> REG_SZ {F020E586-5264-11d1-A532-0000F8757D7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu
<NO NAME> REG_SZ {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0
<NO NAME> REG_SZ using &QuickFinder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\QuickFinderMenu\0\DefaultIcon
<NO NAME> REG_SZ c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0
<NO NAME> REG_SZ For &Files or Folders...
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23232
RunInProcess REG_SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-134
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-50
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-51
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\HelpText
<NO NAME> REG_SZ Search for files or folders
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23296
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID
<NO NAME> REG_SZ {169A0691-8DF9-11d1-A1C4-00C04FD75D13}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\0\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1
<NO NAME> REG_SZ For &Computers
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23233
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135
HotIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-52
GrayIcon REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-53
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\HelpText
<NO NAME> REG_SZ Search for computers on the network
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23297
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID
<NO NAME> REG_SZ {996E1EB1-B524-11d1-9120-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\1\SearchGUID\UrlNavNew
<NO NAME> REG_EXPAND_SZ ::{1f4de370-d627-11d1-ba4f-00a0c91eedba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2
<NO NAME> REG_SZ For &Printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23234
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,-135
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\HelpText
<NO NAME> REG_SZ Search for a printer
LocalizedString REG_EXPAND_SZ @%SystemRoot%\system32\SHELL32.dll,-23298
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\ShellSearch\2\SearchGUID
<NO NAME> REG_SZ {D515F311-B78B-11d1-9123-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind
<NO NAME> REG_SZ {32714800-2E5F-11d0-8B85-00AA0044F941}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0
<NO NAME> REG_SZ For &People...
LocalizedString REG_SZ @C:\Program Files\Common Files\System\wab32res.dll,-1646
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WabFind\0\DefaultIcon
<NO NAME> REG_SZ C:\Program Files\Outlook Express\wabfind.dll, 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch
<NO NAME> REG_SZ {07798131-AF23-11d1-9111-00A0C98BA67D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0
<NO NAME> REG_SZ On the &Internet...
LocalizedString REG_SZ @browselc.dll,-13060
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\DefaultIcon
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\shdocvw.dll,-111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\WebSearch\0\HelpText
<NO NAME> REG_SZ Search the web
LocalizedString REG_SZ @browselc.dll,-13061
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu
{871C5380-42A0-1069-A2EA-08002B30309D}.default REG_SZ 0
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
{20D04FE0-3AEA-1069-A2D8-08002B30309D} REG_DWORD 0x1
{450D8FBA-AD25-11D0-98A8-0800361B1103} REG_DWORD 0x1
{208D2C60-3AEA-1069-A2D7-08002B30309D} REG_DWORD 0x1
{871C5380-42A0-1069-A2EA-08002B30309D} REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
{21EC2020-3AEA-1069-A2DD-08002B30309D} REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath
<NO NAME> REG_EXPAND_SZ %SystemRoot%\system32\cleanmgr.exe /D %c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
<NO NAME> REG_EXPAND_SZ %systemroot%\system32\dfrg.msc %c:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\Controls
<NO NAME> REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
<NO NAME> REG_SZ Scanners & Cameras
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler
CLSID REG_SZ {72b3882f-453a-4633-aac9-8c3dced62aff}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\DelegateFolders\{9DB7A13C-F208-4981-8353-73CC61AE2783}
<NO NAME>
#19
Posted 13 March 2008 - 04:02 PM
I'm not certain if the entire DrvIconQuery log fit on the last post.
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55, on 03/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SunshineNet Web Accelerator\PBHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156893026992
O23 - Service: McAfee Application Installer Cleanup (0257771205124574) (0257771205124574mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025777~1.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 10056 bytes
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55, on 03/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SunshineNet Web Accelerator\PBHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156893026992
O23 - Service: McAfee Application Installer Cleanup (0257771205124574) (0257771205124574mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025777~1.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 10056 bytes
#20
Posted 13 March 2008 - 04:55 PM
Hello
Backup Your Registry with ERUNT
Note: to restore your registry, go to the folder and start ERDNT.exe
Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
Then double click on the fix.reg file, when it prompts to merge click "Yes".
Reboot and tell me how your PC is running
Backup Your Registry with ERUNT
- Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php - For version with the Installer:
Use the setup program to install ERUNT on your computer - For the zipped version:
Unzip all the files into a folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Driveicons]
Then double click on the fix.reg file, when it prompts to merge click "Yes".
Reboot and tell me how your PC is running
#21
Posted 15 March 2008 - 05:50 PM
Thank you for this information. I will go through these steps on the computer but I won't be able to get to it until Monday. As soon as I have it done, I will post my results.
I appreciate your patience.
I appreciate your patience.
#22
Posted 15 March 2008 - 06:09 PM
Ok no problem
#23
Posted 18 March 2008 - 04:16 PM
Thank you very much.
The red "X" is now gone.
I have one more question, which is kind of stupid.....the clock in the system tray is set to military time. I have checked the time settings under Control Panel and the settings are fine. Any ideas?
The red "X" is now gone.
I have one more question, which is kind of stupid.....the clock in the system tray is set to military time. I have checked the time settings under Control Panel and the settings are fine. Any ideas?
#24
Posted 18 March 2008 - 05:37 PM
Yep
Now lets uninstall Combofix:
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
Now lets uninstall Combofix:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
- Delete ComboFix and its associated files and folders.
- Delete VundoFix backups, if present
- Delete the C:\Deckard folder, if present
- Delete the C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
#25
Posted 23 March 2008 - 08:14 PM
Thank you for all of your help.
ComboFix was uninstalled but the clock is still showing military time. Will that change after a reboot?
Thank you for the suggestions. I do appreciate your time and assistance on this issue - you certainly DO know you stuff !!
ComboFix was uninstalled but the clock is still showing military time. Will that change after a reboot?
Thank you for the suggestions. I do appreciate your time and assistance on this issue - you certainly DO know you stuff !!
#26
Posted 30 March 2008 - 11:40 AM
That should hopefully be restored on a reboot
If it doesn't, feel free to make a topic in the Windows XP forum and they can fix it
Let me know if you have any more questions
If it doesn't, feel free to make a topic in the Windows XP forum and they can fix it
Let me know if you have any more questions
#27
Posted 03 April 2008 - 06:25 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users