Full Version: Norton found a trojan...can someone please help?
Nevermore
Here is my HijackThis thread


Logfile of HijackThis v1.99.1
Scan saved at 6:22:51 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tmj4.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://67.78.197.18:800/LNetCam.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.sdwtech.com/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LoPhatPhuud
Please supply the filename and full path of the trojan that Norton reported.


Also....

Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
Nevermore
Thanks for your help...here is what you had asked for:

ADW_ELITEBAR.N [Trend Micro], AdWare.ToolBar.EliteBar.z [Kaspersky], Adware-EliteBar.dll [McAfee], Adware/EliteBar [Panda]

C:\Program Files\Microsoft AntiSpyware\Quarantine\9DB3AA84-7946-4889-9213-A44A54\C603AA38-9A4B-463E-B61F-3C71A1

______________________________________________________________________

Here is the Autoruns:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Windows XP Publisher c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Windows XP Publisher c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Advanced Tools Check Norton AntiVirus Advanced Tools Integrity Checker Symantec Corporation c:\program files\norton antivirus\advtools\advchk.exe

+ ccApp Symantec User Session Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe

+ dla Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\tfswctrl.exe

+ DwlClient Support (Not verified) Dell c:\program files\common files\dell\eusw\support.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ HotKeysCmds hkcmd Module Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\hkcmd.exe

+ IgfxTray igfxTray Module Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\igfxtray.exe

+ iTunesHelper iTunesHelper Module (Not verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe

+ MediaFace Integration MediaFACE Hook Application (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 4.0\sethook.exe

+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ Omnipage OCR Aware (32-bit) (Not verified) ScanSoft, Inc c:\program files\scansoft\omnipagese\opware32.exe

+ PCMService PowerCinema Resident Program for Dell (Not verified) CyberLink Corp. c:\program files\dell\media experience\pcmservice.exe

+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ SSC_UserPrompt Norton Security Center Helper Symantec Corporation c:\program files\common files\symantec shared\security center\usrprmpt.exe

+ StorageGuard Sonic Update Manager (Not verified) Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe

+ Symantec NetDriver Monitor Symantec Security Drivers Install Monitor Symantec Corporation c:\program files\symnetdrv\sndmon.exe

+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Digital Line Detect.lnk Digital Line Detection (Not verified) BVRP Software c:\program files\digital line detect\dlg.exe

C:\Documents and Settings\Tim\Start Menu\Programs\Startup

+ BHODemon.lnk BHODemon - Freeware - Manages BHOs. (Not verified) Definitive Solutions, Inc. c:\program files\bhodemon\bhodemon.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MSMSGS Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ ccEvtMgr Symantec Event Manager Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe

+ ccSetMgr Symantec Settings Manager Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ dmserver Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Windows XP Publisher c:\windows\system32\services.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Messenger Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ NPFMntor Detects installation of Symantec Firewall clients Symantec Corporation c:\program files\norton antivirus\iwp\npfmntor.exe

+ NProtectService Norton Protection Status (Not verified) Symantec Corporation c:\program files\norton antivirus\advtools\nprotect.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Windows XP Publisher c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Windows XP Publisher c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Windows XP Publisher c:\windows\system32\lsass.exe

+ RemoteRegistry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Windows XP Publisher c:\windows\system32\lsass.exe

+ SBService Norton AntiVirus ScripBlocking Service Symantec Corporation c:\program files\common files\symantec shared\script blocking\sbserv.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ SNDSrvc Symantec Network Drivers Service Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe

+ SPBBCSvc Symantec SPBBC Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe

+ Spooler Loads files to memory for later printing. Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

+ SymWSC Symantec WMI Service Symantec Corporation c:\program files\common files\symantec shared\security center\symwsc.exe

+ Themes Provides user experience theme management. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ uploadmgr Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Windows XP Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Windows XP Publisher c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Windows XP Publisher c:\windows\system32\iedkcs32.dll

+ Fax ADVPACK Microsoft Windows XP Publisher c:\windows\system32\advpack.dll

+ Fax Provider Microsoft Fax Optional Component Installer Microsoft Windows XP Publisher c:\windows\system32\setup\fxsocm.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Windows XP Publisher c:\windows\system32\shmgrate.exe

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Windows XP Publisher c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Windows XP Publisher c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Windows XP Publisher c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Windows XP Publisher c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Windows XP Publisher c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Windows XP Publisher c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Windows XP Publisher c:\windows\system32\regsvr32.exe

+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Windows Component Publisher c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Windows XP Publisher c:\windows\system32\advpack.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Windows XP Publisher c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Windows XP Publisher c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Windows XP Publisher c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Windows XP Publisher c:\windows\system32\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Windows XP Publisher c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Windows Component Publisher c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Windows Component Publisher c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Windows Component Publisher c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Windows Component Publisher c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Windows Component Publisher c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Windows XP Publisher c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Windows XP Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Windows XP Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Windows XP Publisher c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Windows XP Publisher c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Windows XP Publisher c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Windows XP Publisher c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Windows XP Publisher c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Windows XP Publisher c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Windows XP Publisher c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Windows XP Publisher c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Windows XP Publisher c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Windows XP Publisher c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Windows XP Publisher c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Windows XP Publisher c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Windows XP Publisher c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Windows XP Publisher c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Windows XP Publisher c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ DriveLetterAccess Drive Letter Access Component (Not verified) Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ DS Security Page Directory Service Security UI Microsoft Windows XP Publisher c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Windows XP Publisher c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Windows Component Publisher c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Windows XP Publisher c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Windows XP Publisher c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Microsoft Windows XP Publisher c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Windows XP Publisher c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Windows XP Publisher c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Windows XP Publisher c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Windows XP Publisher c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Windows XP Publisher c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll

+ Media Band Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ MediaFace extension Shell Extensions (Not verified) Fellowes, Inc. c:\program files\fellowes\mediaface 4.0\mfshlext.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Windows XP Publisher c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Windows Component Publisher c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Windows XP Publisher c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office 2003 component Microsoft Corporation c:\program files\microsoft office\office11\msohev.dll

+ Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office11\olkfstub.dll

+ Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Microsoft Corporation c:\program files\microsoft office\office11\mlshext.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Windows XP Publisher c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Windows XP Publisher c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Windows XP Publisher c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Windows XP Publisher c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Windows XP Publisher c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Windows XP Publisher c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Windows XP Publisher c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Windows XP Publisher c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Windows XP Publisher c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Windows XP Publisher c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Windows XP Publisher c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Windows XP Publisher c:\windows\system32\docprop.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Windows XP Publisher c:\windows\system32\themeui.dll

+ PostAgent Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Windows XP Publisher c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Windows XP Publisher c:\windows\system32\rshx32.dll

+ RecordNow! SendToExt Shell Extensions (Not verified) Sonic Solutions c:\program files\sonic\recordnow!\shlext.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Windows XP Publisher c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows XP Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows XP Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows XP Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows XP Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows XP Publisher c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Windows XP Publisher c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Windows XP Publisher c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Windows XP Publisher c:\windows\system32\sendmail.dll

+ Shell Application Manager Shell Application Manager Microsoft Windows XP Publisher c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Windows XP Publisher c:\windows\system32\ntlanui2.dll

+ Shell Extensions for RealOne Player RealOne Player Shell Extensions (Not verified) RealNetworks c:\program files\real\realplayer\rpshellext.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows XP Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows XP Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Windows XP Publisher c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Windows XP Publisher c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Windows XP Publisher c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Windows XP Publisher c:\windows\system32\shscrap.dll

+ SmartFTP Shell Extension DLL SmartFTP Shell Extension (Not verified) SmartFTP c:\program files\smartftp\smarthook.dll

+ Subscription Folder Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Windows XP Publisher c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Windows XP Publisher c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Windows XP Publisher c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Windows XP Publisher c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Windows XP Publisher c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Windows XP Publisher c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Windows XP Publisher c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Windows Component Publisher c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Windows XP Publisher c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll

+ {506F4668-F13E-4AA1-BB04-B43203AB3CC0} Microsoft Corporation c:\program files\microsoft office\visio11\visshe.dll

+ {D66DC78C-4F61-447F-942B-3FB6980118CF} Microsoft Corporation c:\program files\microsoft office\visio11\visshe.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Messenger Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Windows XP Publisher c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Windows XP Publisher c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Windows XP Publisher c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Windows XP Publisher c:\windows\system32\comdlg32.dll

+ DllDirectory c:\windows\system32

+ gdi32 GDI Client DLL Microsoft Windows XP Publisher c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Windows XP Publisher c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Windows XP Publisher c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Windows XP Publisher c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\ole32.dll

+ oleaut32 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems Microsoft Windows XP Publisher c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Windows XP Publisher c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Windows XP Publisher c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Windows XP Publisher c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Windows XP Publisher c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Windows XP Publisher c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Windows Component Publisher c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Windows XP Publisher c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Offline Network Agent Microsoft Windows XP Publisher c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Windows XP Publisher c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Windows XP Publisher c:\windows\system32\wlnotify.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Windows XP Publisher c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Windows XP Publisher c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Windows XP Publisher c:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\logon.scr Logon Screen Saver Microsoft Windows XP Publisher c:\windows\system32\logon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{23985840-0C1D-442A-9469-F3498A527354}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{23985840-0C1D-442A-9469-F3498A527354}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DC5A55F-F84E-4566-BDF5-E5B1B330E70D}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DC5A55F-F84E-4566-BDF5-E5B1B330E70D}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows XP Publisher c:\windows\system32\rsvpsp.dll
LoPhatPhuud
Thanks,

Your system is clean.

Delete the item in MSAS quarantine. No need to keep garbage on your system. It is a known item, so MS does not need it.
Nevermore
Thanks for your help! How did the trojan go away? I don't believe I did anything to get rid of it.

Thanks again!!

:dance:
LoPhatPhuud
It did not go away. MSAS put the file in quarantine which effectively neuters it. Unless the files are needed, clear quarantine at regular intervals. Always check the files first, though, to be sure that a false positive did not capture a valid file.