Full Version: Check?
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Terryala
Just a check up to see how it looks.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:09 AM, on 1/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
O15 - Trusted Zone: http://*.gladiator-antivirus.com
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase1524.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122667411683
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

StartupList report, 1/31/2006, 9:54:49 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
Exif Launcher.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Eraser = C:\Program Files\Eraser\eraser.exe -hide
PPWebCap = C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
tinySpell = C:\Program Files\tinySpell\tinyspell.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Mouse Gestures - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll - {A6A49249-57AE-4295-8D4D-18A9502C7D8E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Uninstall Expiration Reminder.job

--------------------------------------------------

Enumerating Download Program Files:

[PatchInstaller.Installer]
InProcServer32 = C:\WINDOWS\System32\XPPatchInstaller.dll
CODEBASE = file://E:\content\include\XPPatchInstaller.CAB

[CwlscInstall Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = https://scan.safety.live.com/resource/downl...lscbase1524.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1122667411683

[MSSecurityAdvisorCD Class]
InProcServer32 = C:\WINDOWS\System32\mssecucd.dll
CODEBASE = file://E:\Content\include\msSecUcd.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,989 bytes
Report generated in 0.070 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thanks

Grand dad
Mosaic1
Hi there,

I see you are running the Windows Firewall. You should really run a third-party firewall and disable the Windows Firewall.

Do you use all those Works startups? I had a Works update on my 98 HP and it never once updated anything!


Your StartupList gave just the defaults. There's a more intense output if you do it this way:

Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

----------------

Then autoruns will give us even more:

Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.




How's it running?
Terryala
Had a hard crash and had to reboot. Was using Opera at the time. OK, seems to be stable for now, although somewhat slow at loading pages.

Terry
Terryala
OK, let's see what we have: Startup list:

StartupList report, 1/31/2006, 1:24:39 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5296.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\Program Files\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Terry\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
Exif Launcher.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Eraser = C:\Program Files\Eraser\eraser.exe -hide
PPWebCap = C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
tinySpell = C:\Program Files\tinySpell\tinyspell.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\Program Files\Internet Explorer\iexplore.exe" -userconfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Mouse Gestures - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll - {A6A49249-57AE-4295-8D4D-18A9502C7D8E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Uninstall Expiration Reminder.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[PatchInstaller.Installer]
InProcServer32 = C:\WINDOWS\System32\XPPatchInstaller.dll
CODEBASE = file://E:\content\include\XPPatchInstaller.CAB

[CwlscInstall Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = https://scan.safety.live.com/resource/downl...lscbase1524.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1122667411683

[Java Plug-in 1.4.1_07]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab

[MSSecurityAdvisorCD Class]
InProcServer32 = C:\WINDOWS\System32\mssecucd.dll
CODEBASE = file://E:\Content\include\msSecUcd.cab

[Java Plug-in 1.4.1_07]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Microsoft SideWinder Value Add - Filter Driver: System32\DRIVERS\GcKernel.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft SideWinder Virtual HID Device Mini-Driver: System32\DRIVERS\HIDSwvd.sys (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimFP5: system32\DRIVERS\wADV07nt.sys (manual start)
iAimFP6: system32\DRIVERS\wADV08nt.sys (manual start)
iAimFP7: system32\DRIVERS\wADV09nt.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
iAimTV5: system32\DRIVERS\wATV10nt.sys (manual start)
iAimTV6: system32\DRIVERS\wATV06nt.sys (manual start)
IdeBusDr: system32\DRIVERS\IdeBusDr.sys (system)
Intel® Ultra ATA Controller: system32\DRIVERS\IdeChnDr.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
mchInjDrv: \??\C:\DOCUME~1\Terry\LOCALS~1\Temp\mc211.tmp (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT Apm/Legacy Interface Driver: System32\DRIVERS\NtApm.sys (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{3D49AB00-9BB7-4974-8D2F-D62C1B6940E6} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 32,095 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Autoruns list:

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgcc.exe

+ AVG7_EMC AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgemc.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ HP Software Update Hewlett-Packard Product Assistant Hewlett-Packard Co. c:\program files\hp\hp software update\hpwuschd2.exe

+ Microsoft Works Portfolio Microsoft® Works PortFolio Microsoft® Corporation c:\program files\microsoft works\wkssb.exe

+ Microsoft Works Update Detection Microsoft® Works Update Detection Microsoft® Corporation c:\program files\microsoft works\wkdetect.exe

+ Picasa Media Detector Picasa Google Inc. c:\program files\picasa2\picasamediadetector.exe

+ SystemTray Systray .exe stub Microsoft Corporation c:\windows\system32\systray.exe

+ WorksFUD Microsoft® Works Marketing Feature Microsoft® Corporation c:\program files\microsoft works\wkfud.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

+ Exif Launcher.lnk Exif Launcher FUJI PHOTO FILM CO., LTD. c:\program files\finepixviewer\quickdcf.exe

+ Microsoft Office.lnk Microsoft Office 2000 component Microsoft Corporation c:\program files\microsoft office\office\osa9.exe

+ Microsoft Works Calendar Reminders.lnk Microsoft® Works Calendar Reminder Service Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

+ Printkey2000.lnk Fred's Software c:\program files\printkey2000\printkey2000.exe

C:\Documents and Settings\Terry\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Eraser Eraser. - c:\program files\eraser\eraser.exe

+ PPWebCap Web Capture Scansoft Inc. c:\program files\scansoft\paperport\ppwebcap.exe

+ tinySpell c:\program files\tinyspell\tinyspell.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Internet Explorer Internet Explorer Microsoft Corporation c:\program files\internet explorer\iexplore.exe

+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll

+ Internet Explorer 7 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Power Policy Settings File not found: setupx.dll

+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ IE Component Categories cache daemon Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ &Links Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ &Links Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Merge Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ a² Context Menu Shell Extension c:\program files\a2 free\a2contmenu.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Context Magic Shell Extension c:\windows\system32\ctxmagic.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Eraser Shell Extension Eraser Shell Extension. - c:\program files\eraser\erasext.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Explorer Travel Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Favorites Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE &Address Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Address EditBox Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE AutoComplete Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE BandProxy Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Custom MRU AutoCompleted List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Fade Task Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Global Folder Settings Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE IShellFolderBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Desk Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Site Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft BrowserBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft History AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Internet Toolbar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE MRU AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Navigation Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Registry Tree Options Utility Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Control Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Band Site Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell DeskBar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Rebar BandSite Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Thumbnail Image Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Tracking Shell Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE User Assist Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ InternetShortcut Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ IShellFolderBand Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Band Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Desk Bar Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Menu Site Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Browser Architecture Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft
Mosaic1
Autoruns got cut off. Can you post the rest please? Just the remains will be fine.

Microsoft Url History Service Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

was the last full entry.


Are you using Opera now?

Do you know how to use Event Viewer to get details on errors?
Terryala
Autorun list:

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgcc.exe

+ AVG7_EMC AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgemc.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ HP Software Update Hewlett-Packard Product Assistant Hewlett-Packard Co. c:\program files\hp\hp software update\hpwuschd2.exe

+ Microsoft Works Portfolio Microsoft® Works PortFolio Microsoft® Corporation c:\program files\microsoft works\wkssb.exe

+ Microsoft Works Update Detection Microsoft® Works Update Detection Microsoft® Corporation c:\program files\microsoft works\wkdetect.exe

+ Picasa Media Detector Picasa Google Inc. c:\program files\picasa2\picasamediadetector.exe

+ SystemTray Systray .exe stub Microsoft Corporation c:\windows\system32\systray.exe

+ WorksFUD Microsoft® Works Marketing Feature Microsoft® Corporation c:\program files\microsoft works\wkfud.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

+ Exif Launcher.lnk Exif Launcher FUJI PHOTO FILM CO., LTD. c:\program files\finepixviewer\quickdcf.exe

+ Microsoft Office.lnk Microsoft Office 2000 component Microsoft Corporation c:\program files\microsoft office\office\osa9.exe

+ Microsoft Works Calendar Reminders.lnk Microsoft® Works Calendar Reminder Service Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

+ Printkey2000.lnk Fred's Software c:\program files\printkey2000\printkey2000.exe

C:\Documents and Settings\Terry\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Eraser Eraser. - c:\program files\eraser\eraser.exe

+ PPWebCap Web Capture Scansoft Inc. c:\program files\scansoft\paperport\ppwebcap.exe

+ tinySpell c:\program files\tinyspell\tinyspell.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Internet Explorer Internet Explorer Microsoft Corporation c:\program files\internet explorer\iexplore.exe

+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll

+ Internet Explorer 7 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Power Policy Settings File not found: setupx.dll

+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ IE Component Categories cache daemon Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ &Links Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ &Links Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Merge Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ a² Context Menu Shell Extension c:\program files\a2 free\a2contmenu.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Context Magic Shell Extension c:\windows\system32\ctxmagic.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Eraser Shell Extension Eraser Shell Extension. - c:\program files\eraser\erasext.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Explorer Travel Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Favorites Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE &Address Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Address EditBox Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE AutoComplete Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE BandProxy Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Custom MRU AutoCompleted List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Fade Task Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Global Folder Settings Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE IShellFolderBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Desk Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Site Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft BrowserBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft History AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Internet Toolbar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE MRU AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Navigation Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Registry Tree Options Utility Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Control Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Band Site Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell DeskBar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Rebar BandSite Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Thumbnail Image Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Tracking Shell Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE User Assist Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ InternetShortcut Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ IShellFolderBand Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Band Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Desk Bar Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Menu Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Menu Site Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Browser Architecture Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft Url Search Hook Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll

+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Scripting Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll

+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ SlowFile Icon Overlay Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Temporary Internet Files Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ The Internet Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Thumbnail Image Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Thumbnails Thumbnail View Extension Microsoft Corporation c:\windows\system32\thumbvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Tracking Shell Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ ZipGenius DnD Extract handler Drag and drop dll M.Dev Software c:\program files\zipgenius 6\zgdragdrop.dll

+ ZipGenius Drop handler ZG Drop Handler M.Dev Software c:\program files\zipgenius 6\drophandler.dll

+ ZipGenius Shell Extension Context Menu for ZipGenius M.Dev Software c:\program files\zipgenius 6\contmenu.dll

+ ZipGenius Zip InfoTip Infotips shell extension for ZipGenius M.Dev Software c:\program files\zipgenius 6\zgtips.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ BrowserHelperObject Object Mouse Gestures plugin for Internet Explorer Drowse c:\program files\internet explorer\plugins\drowse\mousegestures.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ ieframe.dll Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

HKLM\Software\Microsoft\Internet Explorer\Extensions

Task Scheduler

+ Tune-up Application Start.job File not found: walign

+ Uninstall Expiration Reminder.job Windows OOBE Balloon Reminder Microsoft Corporation c:\windows\system32\oobe\oobebaln.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgamsvr.exe

+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgupsvc.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe

+ dmserver Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\svchost.exe

+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe

+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe

+ upnphost Provides support to host Universal Plug and Play devices. Microsoft Corporation c:\windows\system32\svchost.exe

+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ac97intc Intel® Integrated Controller Hub Audio Driver Intel Corporation c:\windows\system32\drivers\ac97intc.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys

+ Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys

+ Avg7RsXP AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys

+ AvgTdi AVG Network connection watcher GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys

+ BANTExt c:\windows\system32\drivers\bantext.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ dmio NT Disk Manager I/O Driver Microsoft Corp., Veritas Software c:\windows\system32\drivers\dmio.sys

+ dmload NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. c:\windows\system32\drivers\dmload.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys

+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys

+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ gameenum Game Port Enumerator Microsoft Corporation c:\windows\system32\drivers\gameenum.sys

+ GcKernel SideWinder Value Add Filter Driver Microsoft Corporation c:\windows\system32\drivers\gckernel.sys

+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ HIDSwvd SideWinder Virtual Device HID Mini-Driver Microsoft Corporation c:\windows\system32\drivers\hidswvd.sys

+ hidusb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys

+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ i81x Miniport Driver for Intel Graphics Driver Intel® Corporation c:\windows\system32\drivers\i81xnt5.sys

+ iAimFP0 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv01nt.sys

+ iAimFP1 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv02nt.sys

+ iAimFP2 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv05nt.sys

+ iAimFP3 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wsiintxx.sys

+ iAimFP4 Local Flat Panel Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wvchntxx.sys

+ iAimFP5 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv07nt.sys

+ iAimFP6 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv08nt.sys

+ iAimFP7 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wadv09nt.sys

+ iAimTV0 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\watv01nt.sys

+ iAimTV1 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\watv02nt.sys

+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys

+ iAimTV3 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\watv04nt.sys

+ iAimTV4 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\wch7xxnt.sys

+ iAimTV5 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\watv10nt.sys

+ iAimTV6 Digital Display Minidriver for Intel® Graphics Driver Intel® Corporation c:\windows\system32\drivers\watv06nt.sys

+ IdeBusDr Intel Application Accelerator Driver Intel Corporation c:\windows\system32\drivers\idebusdr.sys

+ IdeChnDr Intel Application Accelerator Driver Intel Corporation c:\windows\system32\drivers\idechndr.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ IntelIde Intel PCI IDE Driver Microsoft Corporation c:\windows\system32\drivers\intelide.sys

+ ip6fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kbdhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\kbdhid.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ ltmodem5 LT Windows Modem LT c:\windows\system32\drivers\ltmdmnt.sys

+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ ms_mpu401 MPU401 Adapter Driver Microsoft Corporation c:\windows\system32\drivers\msmpu401.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys

+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ NtApm NT Legacy APM Support Driver Microsoft Corporation c:\windows\system32\drivers\ntapm.sys

+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys

+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys

+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to rece
Terryala
Post not showing all of Autorun list; let me see what I can do.

Terry
Terryala
Here's the rest of the Autorun list:

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ BJ Language Monitor2 Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon2.dll

+ Canon BJ Language Monitor BJC-2100 BJ Language Monitor CANON INC. c:\windows\system32\cnmlm2f.dll

+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll

Terry
Terryala
Regarding Event Viewer: point me in the right direction and I'll do it. Tell me what you need from it.

Terry
Mosaic1
Go to Start >Run and type
Eventvwr.msc

Press enter

When Event Viewer opens, have a look around. See if you can spot one where the source column reads Save Dump and the date of the crash matches.
Double click on that to get the details if it exists.

What does it say?

If you want to copy it, look at the icon which looks like two pages and click on it.

That copies it to your clipboard. Paste that in here.


While in Event Viewer, also have a look around for any other errors which may have happened around that same time.

I'll be back with more in a bit.
Terryala
Applications:

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/30/2006
Time: 11:56:05 PM
User: NT AUTHORITY\SYSTEM
Computer: TERRY
Description:
Windows saved user TERRY\Terry registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/31/2006
Time: 9:19:16 AM
User: NT AUTHORITY\SYSTEM
Computer: TERRY
Description:
Windows saved user TERRY\Terry registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Terry
Terryala
Another crash and reboot using Opera.

Terry
Terryala
System Log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 2:47:25 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 1:41:37 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 1:03:02 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Terry
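The records pasted in this thread follow the fixed layout that Event Viewer's copy button produces, so they can be parsed to find repeated errors and anything logged close to a crash, which is the check asked for above. This is an added example, not part of any post: the sample records are copied from the thread (the chkdsk report is shortened), while the function names and the crash time are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Four records in Event Viewer's copy layout, taken from the posts in this thread.
SAMPLE = r"""
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/31/2006
Time: 9:19:16 AM
User: NT AUTHORITY\SYSTEM
Computer: TERRY
Description:
Windows saved user TERRY\Terry registry while an application or service was still using the registry during log off.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 2:47:25 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 1:41:37 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 1/31/2006
Time: 4:02:51 PM
User: N/A
Computer: TERRY
Description:
Checking file system on C:
Windows has checked the file system and found no problems.
"""

FIELD = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer|Description):\s*(.*)$")

def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            cur = {"Event Type": m.group(2), "Description": ""}
            events.append(cur)
            in_desc = False
        elif cur is None:
            continue                               # text before the first record
        elif in_desc:                              # free text until the next record
            cur["Description"] = (cur["Description"] + " " + line).strip()
        elif m and m.group(1) == "Description":
            in_desc, cur["Description"] = True, m.group(2)
        elif m:
            cur[m.group(1)] = m.group(2)
    for ev in events:
        try:   # Date/Time as shown in the posts: 1/31/2006 and 2:47:25 PM
            ev["when"] = datetime.strptime(ev["Date"] + " " + ev["Time"], "%m/%d/%Y %I:%M:%S %p")
        except (KeyError, ValueError):
            ev["when"] = None                      # incomplete record: keep it, but undated
    return events

def recurring(events, min_count=2):
    """(source, event id, type) combinations seen at least min_count times."""
    counts = Counter((e.get("Event Source"), e.get("Event ID"), e["Event Type"]) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= min_count]

def events_near(events, moment, minutes=30):
    """Dated records within +/- minutes of moment, oldest first."""
    window = timedelta(minutes=minutes)
    hits = [e for e in events if e["when"] and abs(e["when"] - moment) <= window]
    return sorted(hits, key=lambda e: e["when"])

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    crash = datetime(2006, 1, 31, 14, 45)          # assumed crash time, not from the thread
    print(recurring(evs))
    for e in events_near(evs, crash, minutes=90):
        print(e["when"], e["Event Source"], e["Event ID"], e["Description"])
```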
Mosaic1
That is a very common error and would not be involved. We can rule that out.

Are you using opera now? Is IE slow too? If you think there is a problem with just Opera, you might uninstall it and reinstall to see if the situation improves.


Here are a few things I see:

You show these:
Java Plug-in 1.4.1_07
Java Plug-in 1.4.1_07

There has been an issue found recently with Sun Java.

When newer versions are installed, the older versions are left behind and malware can call these older versions to exploit flaws. Some malware has been found to install this way.

First update to the very latest version of Sun Java, which is 1.5.0_06

Then go into Add Remove programs and uninstall any older versions you find listed there.

------------------------



You have this driver disabled:
mchInjDrv: \??\C:\DOCUME~1\Terry\LOCALS~1\Temp\mc211.tmp (disabled)


Although mchInjDrv can be either good or bad depending on what is using it, I believe it belongs(ed) to a-squared in this case. Have you uninstalled a squared? If so, we can do some cleanup on these too later.

+ a² Context Menu Shell Extension c:\program files\a2 free\a2contmenu.dll

----------

Have you made any recent changes to the system?
Mosaic1
Maybe let's do a chkdsk too.

To run Chkdsk go to start >Run and type

cmd.exe
Press enter

Copy this command to your clipboard:
chkdsk /r /f

When the prompt appears, right-click in the window and click Paste on the menu.

Press enter.
You'll be told that the drive is locked and asked if you want to run the check at next boot. Choose yes.

Restart and allow it to run.

When you get back, go to Start >Run and type
Eventvwr.msc

Press enter


Double click on Application in the left pane.
Look in the right pane for an item whose source says winlogon.

Double click on that to get the report chkdsk created.

What does it say?

If you want to copy it, look at the icon which looks like two pages and click on it.

That copies it to your clipboard. Paste that in here.
Mosaic1
We cross posted and I just now saw these and the fact that you crashed again using Opera.

System Log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 2:47:25 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 1:41:37 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/31/2006
Time: 1:03:02 PM
User: N/A
Computer: TERRY
Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Terry
Mosaic1
Did you disable the Windows Firewall already? If so, that may be the cause of the latest errors. Enable it again and see if those stop.
Terryala
OK:

IE 6
Firefox
Opera

All load slow...Also all crash when in use.

A2 installed: free version

Off to do chkdsk thingie..

Have done scandisk for errors and defrag in safe mode.

Win firewall enabled, never disabled it. Just started using it yesterday. Kerio 2,1,5 was firewall in use til then.

Terry
Mosaic1
When you open event viewer and get to those messages, clicking on the link to MS
For more information, see Help and Support Center at

can often get you more information on the error involved. Give that a shot too for this last one. But it has to be clicked while in Event Viewer to get the right search results.
Mosaic1
The change of firewall is a major change. Why did you switch? I wonder if there is any correlation.

Did you go into Event Viewer and click the link to get more information? That error is a clue.
Terryala
OK, Java J2SE Runtime Env. 5.0 update 6 installed. Reason for Firewall switch was I thought it was the problem.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 1/31/2006
Time: 4:02:51 PM
User: N/A
Computer: TERRY
Description:
Checking file system on C:
The type of the file system is FAT32.

A disk check has been scheduled.
Windows will now check the disk.
Volume Serial Number is 3915-1B02
Windows is verifying free space...
Free space verification is complete.
Windows has checked the file system and found no problems.
40133728 KB total disk space.
871808 KB in 915 hidden files.
73312 KB in 2272 folders.
6337408 KB in 37271 files.
32851168 KB are available.

32768 bytes in each allocation unit.
1254179 total allocation units on disk.
1026599 allocation units available on disk.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

On the error showing:



Details
Event ID: 7023
Source: Service Control Manager

We're sorry
There is no additional information about this issue in the Error and Event Log Messages or Knowledge Base databases at this time. You can use the links in the Support area to determine whether any additional information might be available elsewhere.





Terry
Mosaic1
So then this has been happening for a bit? Even before you uninstalled Kerio?

I have been researching this and there may have been a change in your network connection setup. Possibly Client for Microsoft or windows has been removed. Check the properties of your connections in Control Panel.


How long have you had this problem?
Terryala
Started about 3 days ago. Thought it was Kerio at first so uninstalled it. Uninstalled Opera and Firefox and reinstalled each.

Network connection show normal operation no problems noted. I'm only connected to the Internet.

Terry
Mosaic1
Something is causing IPSEC to close.

Do you have a restore point from before this all started? If you do, how about giving that a try and see if it works.

If it doesn't help you can always undo it.
Terryala
Ok will give that a look see and play some more..

Thanks for the help.

Terry
Terryala
Hi:

Did a restore, currently redoing some programs. Reset IPSEC Service to manual; was in auto. Will see if that helps. Firefox seems to be working better at this time. Removed Opera, will reinstall later.

Removed A2 Squared also.

Terry
Mosaic1
But IPSEC will run if called.

It is shutting down for some reason and that is the problem.


What makes the computer shut down when IPSEC fails is that the system is set to do restart on failure. There is no recovery.

Have a look:

Go to Start >Run
type services.msc
press enter

Scroll to the IPSEC services entry and then click the Recovery Tab to see what I am saying.

Now have a look to see if the IPSEC service has started. If not and set to manual, nothing has called it.




What is IPSEC services?

Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.


The Elder Geek has more:

http://www.theeldergeek.com/ipsec_services.htm
Scroll down to IPSEC services.
Mosaic1
What we really need is for you to set this back to automatic and then restart. See if you do crash again.


When we troubleshoot a problem like this, we need to change only one variable at a time or the experiment fails.

Pinpointing cause and effect is hard. After the system restore, make no changes, otherwise we won't know if the restore did the trick, or just making that change you made did the trick.

Now if the IPSEC service is currently running and you have had no crashes, then the Restore worked. If it is not running, then we won't really know what was going on.
Terryala
Tried IPSEC on both manual and auto. Still had hard crashes and had to reboot several times.

So decided that either the register was corrupt or there was something else broke in the OS.

Best bet was to do a reformat and reinstall of OS. Currently using ME and updating it.

Running faster and no crashes so far.

Thanks for the help.

Terry
Mosaic1
You're welcome.

Right, because on manual it was still being called, ran and crashed. We had to see about troubleshooting IPSEC. But sometimes a format and reinstall is faster.