PDA

View Full Version : Script Errors


matrix54
18-10-08, 16:46
my computer has many script errors. i know becuase every 5 minutes i get a swam of pop ups that ask me to click something and then i get a large box with infor and its say "Do you want to continue running this script on this page" and i click "[No]" and its clear for a few and then bam! for the next 2 minutes im clearing boxes from the screen. What to do?

EscondeR
18-10-08, 18:26
1. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report.

2. Boot in the Safe Mode (F8 at boot and choose from menu) and run full system antivirus scan and anti-spyware scan.

matrix54
18-10-08, 19:01
Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------

[code]

Program:
"Auto Check Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
autocheck autochk *
Program path & name:
"c:\windows\system32\autochk.exe"
Enabled: [V]


Program:
"Symbolic Debugger for Windows 2000"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Entry name:
Your Image File Name Here without a path
Program path & name:
"c:\windows\system32\ntsd.exe"
Enabled: [V]


Program:
"Manages audio devices for Windows-based programs. If this service is stopped
Publisher:
audio devices and effects will not function properly. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AudioSrv
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\audiosrv.dll"
Enabled: [V]


Program:
"Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped
Publisher:
this list will not be updated or maintained. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Browser
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\browser.dll"
Enabled: [V]


Program:
"Symantec Event Manager"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ccEvtMgr
Program path & name:
"c:\program files\common files\symantec shared\ccevtmgr.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
c:\windows\twljagflbcbdbgfuy3k\command.exe"
Enabled: [V]


Program:
"Provides three management services: Catalog Database Service
Publisher:
which confirms the signatures of Windows files; Protected Root Service which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service which helps enroll this computer for certificates. If this service is stopped these management services will not function properly. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CryptSvc
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\cryptsvc.dll"
Enabled: [V]


Program:
"Manages network configuration by registering and updating IP addresses and DNS names."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Dhcp
Program path & name:
"c:\windows\system32\dhcpcsvc.dll"
Enabled: [V]


Program:
"Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped
Publisher:
this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Dnscache
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\dnsrslvr.dll"
Enabled: [V]


Program:
"Allows error reporting for services and applictions running in non-standard environments."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ERSvc
Program path & name:
"c:\windows\system32\ersvc.dll"
Enabled: [V]


Program:
"Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Eventlog
Program path & name:
"c:\windows\system32\services.exe"
Enabled: [V]


Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]


Program:
"Enables Help and Support Center to run on this computer. If this service is stopped
Publisher:
Help and Support Center will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
helpsvc
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\pchealth\helpctr\binaries\pchsvc.dll"
Enabled: [V]


Program:
"Supports file
Publisher:
print and named-pipe sharing over the network for this computer. If this service is stopped these functions will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
lanmanserver
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\srvsvc.dll"
Enabled: [V]


Program:
"Creates and maintains client network connections to remote servers. If this service is stopped
Publisher:
these connections will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
lanmanworkstation
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\wkssvc.dll"
Enabled: [V]


Program:
"Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LmHosts
Program path & name:
"c:\windows\system32\lmhsvc.dll"
Enabled: [V]


Program:
"Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped
Publisher:
Alerter messages will not be transmitted. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Messenger
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\msgsvc.dll"
Enabled: [V]


Program:
"Handles Norton AntiVirus Auto-Protect events."
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
navapsvc
Program path & name:
"c:\program files\norton antivirus\navapsvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
c:\program files\network monitor\netmon.exe"
Enabled: [V]


Program:
"Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PlugPlay
Program path & name:
"c:\windows\system32\services.exe"
Enabled: [V]


Program:
"Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PolicyAgent
Program path & name:
"c:\windows\system32\lsass.exe"
Enabled: [V]


Program:
"Provides protected storage for sensitive data
Publisher:
such as private keys to prevent access by unauthorized services processes or users."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ProtectedStorage
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\lsass.exe"
Enabled: [V]


Program:
"Offers routing services to businesses in local area and wide area network environments."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RemoteAccess
Program path & name:
"c:\windows\system32\mprdim.dll"
Enabled: [V]


Program:
"Provides the endpoint mapper and other miscellaneous RPC services."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RpcSs
Program path & name:
"c:\windows\system32\rpcss.dll"
Enabled: [V]


Program:
"Stores security information for local user accounts."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SamSs
Program path & name:
"c:\windows\system32\lsass.exe"
Enabled: [V]


Program:
"ScriptBlocking registration"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SBService
Program path & name:
"c:\program files\common files\symantec shared\script blocking\sbserv.exe"
Enabled: [V]


Program:
"Enables a user to configure and schedule automated tasks on this computer. If this service is stopped
Publisher:
these tasks will not be run at their scheduled times. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Schedule
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\schedsvc.dll"
Enabled: [V]


Program:
"Enables starting processes under alternate credentials. If this service is stopped
Publisher:
this type of logon access will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
seclogon
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\seclogon.dll"
Enabled: [V]


Program:
"Tracks system events such as Windows logon
Publisher:
network and power events. Notifies COM+ Event System subscribers of these events."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SENS
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\sens.dll"
Enabled: [V]


Program:
"Windows Shell Services Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ShellHWDetection
Program path & name:
"c:\windows\system32\shsvcs.dll"
Enabled: [V]


Program:
"Loads files to memory for later printing."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Spooler
Program path & name:
"c:\windows\system32\spoolsv.exe"
Enabled: [V]


Program:
"Performs system restore functions. To stop service
Publisher:
turn off System Restore from the System Restore tab in My Computer->Properties"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
srservice
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\srsvc.dll"
Enabled: [V]


Program:
"Provides user experience theme management."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Themes
Program path & name:
"c:\windows\system32\shsvcs.dll"
Enabled: [V]


Program:
"Maintains links between NTFS files within a computer or across computers in a network domain."
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TrkWks
Program path & name:
"c:\windows\system32\trkwks.dll"
Enabled: [V]


Program:
"Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped
Publisher:
synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
uploadmgr
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\pchealth\helpctr\binaries\pchsvc.dll"
Enabled: [V]


Program:
"Maintains date and time synchronization on all clients and servers in the network. If this service is stopped
Publisher:
date and time synchronization will be unavailable. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
W32Time
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\w32time.dll"
Enabled: [V]


Program:
"Enables Windows-based programs to create
Publisher:
access and modify Internet-based files. If this service is stopped these functions will not be available. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WebClient
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\webclnt.dll"
Enabled: [V]


Program:
"Provides a common interface and object model to access management information about operating system
Publisher:
devices applications and services. If this service is stopped most Windows-based software will not function properly. If this service is disabled any services that explicitly depend on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
winmgmt
Program path & name:
"(Not verified) Microsoft Corporation""c:\windows\system32\wbem\wmisvc.dll"
Enabled: [V]


Program:
"Retrieves the serial number of any portable music player connected to your computer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WmdmPmSp
Program path & name:
"c:\windows\system32\mspmspsv.dll"
Enabled: [V]


Program:
"Provides automatic configuration for the 802.11 adapters"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WZCSVC
Program path & name:
"c:\windows\system32\wzcsvc.dll"
Enabled: [V]


Program:
"ACPI Driver for NT"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ACPI
Program path & name:
"c:\windows\system32\drivers\acpi.sys"
Enabled: [V]


Program:
"Andrea Audio Stub Driver"
Publisher:
"(Not verified) Andrea Electronics Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aeaudio
Program path & name:
"c:\windows\system32\drivers\aeaudio.sys"
Enabled: [V]


Program:
"Microsoft Acoustic Echo Canceller"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aec
Program path & name:
"c:\windows\system32\drivers\aec.sys"
Enabled: [V]


Program:
"Ancillary Function Driver for WinSock"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AFD
Program path & name:
"c:\windows\system32\drivers\afd.sys"
Enabled: [V]


Program:
"RAS Asynchronous Media Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AsyncMac
Program path & name:
"c:\windows\system32\drivers\asyncmac.sys"
Enabled: [V]


Program:
"IDE/ATAPI Port Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
atapi
Program path & name:
"c:\windows\system32\drivers\atapi.sys"
Enabled: [V]


Program:
"ATI RAGE 128 Miniport Driver"
Publisher:
"(Not verified) ATI Technologies Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ati2mtaa
Program path & name:
"c:\windows\system32\drivers\ati2mtaa.sys"
Enabled: [V]


Program:
"ATM ARP Client Protocol"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Atmarpc
Program path & name:
"c:\windows\system32\drivers\atmarpc.sys"
Enabled: [V]


Program:
"AudStub Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
audstub
Program path & name:
"c:\windows\system32\drivers\audstub.sys"
Enabled: [V]


Program:
"NTRksample driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
basic2
Program path & name:
"c:\windows\system32\drivers\hsf_bsc2.sys"
Enabled: [V]


Program:
"SCSI CD-ROM Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Cdrom
Program path & name:
"c:\windows\system32\drivers\cdrom.sys"
Enabled: [V]


Program:
"PnP Disk Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Disk
Program path & name:
"c:\windows\system32\drivers\disk.sys"
Enabled: [V]


Program:
"Microsoft Kernel DLS Synthesizer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
DMusic
Program path & name:
"c:\windows\system32\drivers\dmusic.sys"
Enabled: [V]


Program:
"Microsoft Kernel DRM Audio Descrambler Filter"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
drmkaud
Program path & name:
"c:\windows\system32\drivers\drmkaud.sys"
Enabled: [V]


Program:
"NDIS 5 driver"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
E100B
Program path & name:
"c:\windows\system32\drivers\e100b325.sys"
Enabled: [V]


Program:
"Fallback driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Fallback
Program path & name:
"c:\windows\system32\drivers\hsf_fall.sys"
Enabled: [V]


Program:
"Floppy Disk Controller Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Fdc
Program path & name:
"c:\windows\system32\drivers\fdc.sys"
Enabled: [V]


Program:
"Floppy Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Flpydisk
Program path & name:
"c:\windows\system32\drivers\flpydisk.sys"
Enabled: [V]


Program:
"FSKsNT driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Fsks
Program path & name:
"c:\windows\system32\drivers\hsf_fsks.sys"
Enabled: [V]


Program:
"FT Disk Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Ftdisk
Program path & name:
"c:\windows\system32\drivers\ftdisk.sys"
Enabled: [V]


Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"Generic Packet Classifier"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Gpc
Program path & name:
"c:\windows\system32\drivers\msgpc.sys"
Enabled: [V]


Program:
"USB Miniport Driver for Input Devices"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hidusb
Program path & name:
"c:\windows\system32\drivers\hidusb.sys"
Enabled: [V]


Program:
"WinACHSF driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hsf_msft
Program path & name:
"c:\windows\system32\drivers\hsf_msft.sys"
Enabled: [V]


Program:
"i8042 Port Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
i8042prt
Program path & name:
"c:\windows\system32\drivers\i8042prt.sys"
Enabled: [V]


Program:
"IMAPI Kernel Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Imapi
Program path & name:
"c:\windows\system32\drivers\imapi.sys"
Enabled: [V]


Program:
"Intel PCI IDE Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IntelIde
Program path & name:
"c:\windows\system32\drivers\intelide.sys"
Enabled: [V]


Program:
"IP Traffic Filter Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpFilterDriver
Program path & name:
"c:\windows\system32\drivers\ipfltdrv.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
"c:\windows\system32\drivers\ipinip.sys"
Enabled: [V]


Program:
"IP Network Address Translator"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpNat
Program path & name:
"c:\windows\system32\drivers\ipnat.sys"
Enabled: [V]


Program:
"IPSEC driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IPSec
Program path & name:
"c:\windows\system32\drivers\ipsec.sys"
Enabled: [V]


Program:
"Infra-Red Bus Enumerator"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IRENUM
Program path & name:
"c:\windows\system32\drivers\irenum.sys"
Enabled: [V]


Program:
"PNP ISA Bus Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
isapnp
Program path & name:
"c:\windows\system32\drivers\isapnp.sys"
Enabled: [V]


Program:
"K56NT driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
K56
Program path & name:
"c:\windows\system32\drivers\hsf_k56k.sys"
Enabled: [V]


Program:
"Keyboard Class Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Kbdclass
Program path & name:
"c:\windows\system32\drivers\kbdclass.sys"
Enabled: [V]


Program:
"Kernel Mode Audio Mixer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
kmixer
Program path & name:
"c:\windows\system32\drivers\kmixer.sys"
Enabled: [V]


Program:
"Mouse Class Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Mouclass
Program path & name:
"c:\windows\system32\drivers\mouclass.sys"
Enabled: [V]


Program:
"HID Mouse Filter Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mouhid
Program path & name:
"c:\windows\system32\drivers\mouhid.sys"
Enabled: [V]


Program:
"MS KS Server"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSKSSRV
Program path & name:
"c:\windows\system32\drivers\mskssrv.sys"
Enabled: [V]


Program:
"MS Proxy Clock"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSPCLOCK
Program path & name:
"c:\windows\system32\drivers\mspclock.sys"
Enabled: [V]


Program:
"MS Proxy Quality Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSPQM
Program path & name:
"c:\windows\system32\drivers\mspqm.sys"
Enabled: [V]


Program:
"AV Engine"
Publisher:
"(Not verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NAVENG
Program path & name:
"c:\program files\common files\symantec shared\virusdefs\20020926.002\naveng.sys"
Enabled: [V]


Program:
"AV Engine"
Publisher:
"(Not verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NAVEX15
Program path & name:
"c:\program files\common files\symantec shared\virusdefs\20020926.002\navex15.sys"
Enabled: [V]


Program:
"Remote Access NDIS TAPI Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NdisTapi
Program path & name:
"c:\windows\system32\drivers\ndistapi.sys"
Enabled: [V]


Program:
"NDIS Usermode I/O Protocol"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Ndisuio
Program path & name:
"c:\windows\system32\drivers\ndisuio.sys"
Enabled: [V]


Program:
"Remote Access NDIS WAN Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NdisWan
Program path & name:
"c:\windows\system32\drivers\ndiswan.sys"
Enabled: [V]


Program:
"NetBios over Tcpip"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NetBT
Program path & name:
"c:\windows\system32\drivers\netbt.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
"c:\windows\system32\drivers\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
"c:\windows\system32\drivers\nwlnkfwd.sys"
Enabled: [V]


Program:
"OMCI Device Driver"
Publisher:
"(Not verified) Dell Computer Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
OMCI
Program path & name:
"c:\windows\system32\drivers\omci.sys"
Enabled: [V]


Program:
"Parallel Port Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Parport
Program path & name:
"c:\windows\system32\drivers\parport.sys"
Enabled: [V]


Program:
"NT Plug and Play PCI Enumerator"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PCI
Program path & name:
"c:\windows\system32\drivers\pci.sys"
Enabled: [V]


Program:
"WAN Miniport (PPTP)"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PptpMiniport
Program path & name:
"c:\windows\system32\drivers\raspptp.sys"
Enabled: [V]


Program:
"Processor Device Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Processor
Program path & name:
"c:\windows\system32\drivers\processr.sys"
Enabled: [V]


Program:
"QoS Packet Scheduler"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PSched
Program path & name:
"c:\windows\system32\drivers\psched.sys"
Enabled: [V]


Program:
"Direct Parallel Link Driver"
Publisher:
"(Not verified) Parallel Technologies Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Ptilink
Program path & name:
"c:\windows\system32\drivers\ptilink.sys"
Enabled: [V]


Program:
"Remote Access Auto Connection Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RasAcd
Program path & name:
"c:\windows\system32\drivers\rasacd.sys"
Enabled: [V]


Program:
"WAN Miniport (L2TP)"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Rasl2tp
Program path & name:
"c:\windows\system32\drivers\rasl2tp.sys"
Enabled: [V]


Program:
"Remote Access PPPOE Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RasPppoe
Program path & name:
"c:\windows\system32\drivers\raspppoe.sys"
Enabled: [V]


Program:
"Direct Parallel"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Raspti
Program path & name:
"c:\windows\system32\drivers\raspti.sys"
Enabled: [V]


Program:
"RDP Miniport"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RDPCDD
Program path & name:
"c:\windows\system32\drivers\rdpcdd.sys"
Enabled: [V]


Program:
"Redbook Audio Filter Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
redbook
Program path & name:
"c:\windows\system32\drivers\redbook.sys"
Enabled: [V]


Program:
"Rksample WDM driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Rksample
Program path & name:
"c:\windows\system32\drivers\hsf_samp.sys"
Enabled: [V]


Program:
"AutoProtect"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SAVRT
Program path & name:
"c:\windows\system32\drivers\savrt.sys"
Enabled: [V]


Program:
"SAVRTPEL"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SAVRTPEL
Program path & name:
"c:\windows\system32\drivers\savrtpel.sys"
Enabled: [V]


Program:
"SafeDisc driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Secdrv
Program path & name:
c:\windows\system32\drivers\secdrv.sys"
Enabled: [V]


Program:
"Serial Port Enumerator"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
serenum
Program path & name:
"c:\windows\system32\drivers\serenum.sys"
Enabled: [V]


Program:
"Serial Device Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Serial
Program path & name:
"c:\windows\system32\drivers\serial.sys"
Enabled: [V]


Program:
"SoundMAX Integrated Digital Audio "
Publisher:
"(Not verified) Analog Devices Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
smwdm
Program path & name:
"c:\windows\system32\drivers\smwdm.sys"
Enabled: [V]


Program:
"FaxNT driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SoftFax
Program path & name:
"c:\windows\system32\drivers\hsf_faxx.sys"
Enabled: [V]


Program:
"Microsoft Kernel Audio Splitter"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
splitter
Program path & name:
"c:\windows\system32\drivers\splitter.sys"
Enabled: [V]


Program:
"Plug and Play Software Device Enumerator"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
swenum
Program path & name:
"c:\windows\system32\drivers\swenum.sys"
Enabled: [V]


Program:
"Microsoft GS Wavetable Synthesizer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
swmidi
Program path & name:
"c:\windows\system32\drivers\swmidi.sys"
Enabled: [V]


Program:
"Symantec Event Library"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymEvent
Program path & name:
"c:\program files\symantec\symevent.sys"
Enabled: [V]


Program:
"Redirector Filter"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMREDRV
Program path & name:
"c:\windows\system32\drivers\symredrv.sys"
Enabled: [V]


Program:
"Norton Internet Security Filter"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMTDI
Program path & name:
"c:\windows\system32\drivers\symtdi.sys"
Enabled: [V]


Program:
"System Audio WDM Filter"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sysaudio
Program path & name:
"c:\windows\system32\drivers\sysaudio.sys"
Enabled: [V]


Program:
"TCP/IP Protocol Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Tcpip
Program path & name:
"c:\windows\system32\drivers\tcpip.sys"
Enabled: [V]


Program:
"Terminal Server Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TermDD
Program path & name:
"c:\windows\system32\drivers\termdd.sys"
Enabled: [V]


Program:
"TonesNT driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Tones
Program path & name:
"c:\windows\system32\drivers\hsf_tone.sys"
Enabled: [V]


Program:
"Update Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Update
Program path & name:
"c:\windows\system32\drivers\update.sys"
Enabled: [V]


Program:
"EHCI eUSB Miniport Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbehci
Program path & name:
"c:\windows\system32\drivers\usbehci.sys"
Enabled: [V]


Program:
"Default Hub Driver for USB"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbhub
Program path & name:
"c:\windows\system32\drivers\usbhub.sys"
Enabled: [V]


Program:
"USB Mass Storage Class Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
USBSTOR
Program path & name:
"c:\windows\system32\drivers\usbstor.sys"
Enabled: [V]


Program:
"UHCI USB Miniport Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbuhci
Program path & name:
"c:\windows\system32\drivers\usbuhci.sys"
Enabled: [V]


Program:
"V124NT driver"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
V124
Program path & name:
"c:\windows\system32\drivers\hsf_v124.sys"
Enabled: [V]


Program:
"VGA/Super VGA Video Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VgaSave
Program path & name:
"c:\windows\system32\drivers\vga.sys"
Enabled: [V]


Program:
"Remote Access IP ARP Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Wanarp
Program path & name:
"c:\windows\system32\drivers\wanarp.sys"
Enabled: [V]


Program:
"MMSYSTEM Wave/Midi API mapper"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wdmaud
Program path & name:
"c:\windows\system32\drivers\wdmaud.sys"
Enabled: [V]


Program:
"Windows Logon UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
Entry name:
logonui.exe
Program path & name:
"c:\windows\system32\logonui.exe"
Enabled: [V]


Program:
"Crypto API32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
crypt32chain
Program path & name:
"c:\windows\system32\crypt32.dll"
Enabled: [V]


Program:
"Crypto Network Related API"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
cryptnet
Program path & name:
"c:\windows\system32\cryptnet.dll"
Enabled: [V]


Program:
"Offline Network Agent"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
cscdll
Program path & name:
"c:\windows\system32\cscdll.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
pmnkJbXn
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
reset5e
Program path & name:
c:\windows\system32\reset5e.dll"
Enabled: [V]


Program:
"Common DLL to receive Winlogon notifications"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
ScCertProp
Program path & name:
"c:\windows\system32\wlnotify.dll"
Enabled: [V]


Program:
"Common DLL to receive Winlogon notifications"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
Schedule
Program path & name:
"c:\windows\system32\wlnotify.dll"
Enabled: [V]


Program:
"Secondary Logon Service Notification DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
sclgntfy
Program path & name:
"c:\windows\system32\sclgntfy.dll"
Enabled: [V]


Program:
"Common DLL to receive Winlogon notifications"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
SensLogn
Program path & name:
"c:\windows\system32\wlnotify.dll"
Enabled: [V]


Program:
"Common DLL to receive Winlogon notifications"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
termsrv
Program path & name:
"c:\windows\system32\wlnotify.dll"
Enabled: [V]


Program:
"Common DLL to receive Winlogon notifications"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
wlballoon
Program path & name:
"c:\windows\system32\wlnotify.dll"
Enabled: [V]


Program:
"Logon Screen Saver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\System32\logon.scr
Program path & name:
"c:\windows\system32\logon.scr"
Enabled: [V]


Program:
"Langage Monitor for Canon Bubble-Jet Printer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
BJ Language Monitor
Program path & name:
"c:\windows\system32\cnbjmon.dll"
Enabled: [V]


Program:
"Local Spooler DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
Local Port
Program path & name:
"c:\windows\system32\localspl.dll"
Enabled: [V]


Program:
"PJL Language monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
PJL Language Monitor
Program path & name:
"c:\windows\system32\pjlmon.dll"
Enabled: [V]


Program:
"Standard TCP/IP Port Monitor DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
Standard TCP/IP Port
Program path & name:
"c:\windows\system32\tcpmon.dll"
Enabled: [V]


Program:
"Standard Dynamic Printing Port Monitor DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
USB Monitor
Program path & name:
"c:\windows\system32\usbmon.dll"
Enabled: [V]


Program:
"DPA Client for 32 bit platforms"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProv iders\SecurityProviders
Entry name:
msapsspc.dll
Program path & name:
"c:\windows\system32\msapsspc.dll"
Enabled: [V]


Program:
"TLS / SSL Security Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProv iders\SecurityProviders
Entry name:
schannel.dll
Program path & name:
"c:\windows\system32\schannel.dll"
Enabled: [V]


Program:
"Digest SSPI Authentication Package"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProv iders\SecurityProviders
Entry name:
digest.dll
Program path & name:
"c:\windows\system32\digest.dll"
Enabled: [V]


Program:
"MSN Internet Access"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProv iders\SecurityProviders
Entry name:
msnsspc.dll
Program path & name:
"c:\windows\system32\msnsspc.dll"
Enabled: [V]


Program:
"Microsoft Authentication Package v1.0"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authenti cation Packages
Entry name:
msv1_0
Program path & name:
"c:\windows\system32\msv1_0.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authenti cation Packages
Entry name:
C:\WINDOWS\System32\nnnmmLed
Program path & name:
c:\windows\system32\nnnmmled.dll"
Enabled: [V]


Program:
"Windows Security Configuration Editor Client Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notifica tion Packages
Entry name:
scecli
Program path & name:
"c:\windows\system32\scecli.dll"
Enabled: [V]


Program:
"Kerberos Security Package"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Entry name:
kerberos
Program path & name:
"c:\windows\system32\kerberos.dll"
Enabled: [V]


Program:
"Microsoft Authentication Package v1.0"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Entry name:
msv1_0
Program path & name:
"c:\windows\system32\msv1_0.dll"
Enabled: [V]


Program:
"TLS / SSL Security Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Entry name:
schannel
Program path & name:
"c:\windows\system32\schannel.dll"
Enabled: [V]


Program:
"Microsoft Digest Access"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Entry name:
wdigest
Program path & name:
"c:\windows\system32\wdigest.dll"
Enabled: [V]


Program:
"Microsoft Terminal Services"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvi der\Order
Entry name:
RDPNP
Program path & name:
"c:\windows\system32\drprov.dll"
Enabled: [V]


Program:
"Microsoft Windows Network"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvi der\Order
Entry name:
LanmanWorkstation
Program path & name:
"c:\windows\system32\ntlanman.dll"
Enabled: [V]


Program:
"Web Client Network"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvi der\Order
Entry name:
WebClient
Program path & name:
"c:\windows\system32\davclnt.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [TCP/IP]
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [UDP/IP]
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD Tcpip [RAW/IP]
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Rsvp 1.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
RSVP UDP Service Provider
Program path & name:
"c:\windows\system32\rsvpsp.dll"
Enabled: [V]


Program:
"Microsoft Windows Rsvp 1.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
RSVP TCP Service Provider
Program path & name:
"c:\windows\system32\rsvpsp.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E836A128-2A71-4E4A-A814-BDA18B42E36F}] SEQPACKET 0
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E836A128-2A71-4E4A-A814-BDA18B42E36F}] DATAGRAM 0
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{059CFAFB-B48D-45DB-942E-91517ED08CF8}] SEQPACKET 1
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{059CFAFB-B48D-45DB-942E-91517ED08CF8}] DATAGRAM 1
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B247FBEF-9CB1-4866-8180-DDE5CD5D5D0F}] SEQPACKET 2
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"Microsoft Windows Sockets 2.0 Service Provider"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9
Entry name:
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B247FBEF-9CB1-4866-8180-DDE5CD5D5D0F}] DATAGRAM 2
Program path & name:
"c:\windows\system32\mswsock.dll"
Enabled: [V]


Program:
"RDP Clip Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
Entry name:
rdpclip
Program path & name:
"c:\windows\system32\rdpclip.exe"
Enabled: [V]


Program:
"Userinit Logon Application"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry name:
C:\WINDOWS\system32\userinit.exe
Program path & name:
"c:\windows\system32\userinit.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
prgchu.dll
Program path & name:
c:\windows\system32\prgchu.dll"
Enabled: [V]


Program:
"Advanced Windows 32 Base API"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
advapi32
Program path & name:
"c:\windows\system32\advapi32.dll"
Enabled: [V]


Program:
"Common Dialogs DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
comdlg32
Program path & name:
"c:\windows\system32\comdlg32.dll"
Enabled: [V]


Program:
"GDI Client DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
gdi32
Program path & name:
"c:\windows\system32\gdi32.dll"
Enabled: [V]


Program:
"Windows NT Image Helper"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
imagehlp
Program path & name:
"c:\windows\system32\imagehlp.dll"
Enabled: [V]


Program:
"Windows NT BASE API Client DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
kernel32
Program path & name:
"c:\windows\system32\kernel32.dll"
Enabled: [V]


Program:
"LZ Expand/Compress API DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
lz32
Program path & name:
"c:\windows\system32\lz32.dll"
Enabled: [V]


Program:
"Microsoft OLE for Windows"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
ole32
Program path & name:
"c:\windows\system32\ole32.dll"
Enabled: [V]


Program:
"Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
oleaut32
Program path & name:
"c:\windows\system32\oleaut32.dll"
Enabled: [V]


Program:
"Object Linking and Embedding Client Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
olecli32
Program path & name:
"c:\windows\system32\olecli32.dll"
Enabled: [V]


Program:
"Microsoft OLE for Windows"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
olecnv32
Program path & name:
"c:\windows\system32\olecnv32.dll"
Enabled: [V]


Program:
"Object Linking and Embedding Server Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
olesvr32
Program path & name:
"c:\windows\system32\olesvr32.dll"
Enabled: [V]


Program:
"Microsoft OLE for Windows"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
olethk32
Program path & name:
"c:\windows\system32\olethk32.dll"
Enabled: [V]


Program:
"Remote Procedure Call Runtime"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
rpcrt4
Program path & name:
"c:\windows\system32\rpcrt4.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
shell32
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Internet Shortcut Shell Extension DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
url
Program path & name:
"c:\windows\system32\url.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
urlmon
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Windows XP USER API Client DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
user32
Program path & name:
"c:\windows\system32\user32.dll"
Enabled: [V]


Program:
"Version Checking and File Installation Libraries"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
version
Program path & name:
"c:\windows\system32\version.dll"
Enabled: [V]


Program:
"Internet Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
wininet
Program path & name:
"c:\windows\system32\wininet.dll"
Enabled: [V]


Program:
"Win32 LDAP API DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
wldap32
Program path & name:
"c:\windows\system32\wldap32.dll"
Enabled: [V]


Program:
"Windows Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Entry name:
Explorer.exe
Program path & name:
"c:\windows\explorer.exe"
Enabled: [V]


Program:
"Microsoft® Works Marketing Feature"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WorksFUD
Program path & name:
"c:\program files\microsoft works\wkfud.exe"
Enabled: [V]


Program:
"Microsoft® Works PortFolio"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Portfolio
Program path & name:
"c:\program files\microsoft works\wkssb.exe"
Enabled: [V]


Program:
"Microsoft® Works Update Detection"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
"c:\program files\common files\microsoft shared\works shared\wkufind.exe"
Enabled: [V]


Program:
"Norton AntiVirus Information Wizard"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NAV CfgWiz
Program path & name:
"c:\program files\norton antivirus\cfgwiz.exe"
Enabled: [V]


Program:
"Common Client CC App"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ccApp
Program path & name:
"c:\program files\common files\symantec shared\ccapp.exe"
Enabled: [V]


Program:
"Common Client Registry Integrity Verifier"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ccRegVfy
Program path & name:
"c:\program files\common files\symantec shared\ccregvfy.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]

matrix54
18-10-08, 19:02
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
webHancer Agent
Program path & name:
c:\program files\webhancer\programs\whagent.exe"
Enabled: [V]


Program:
"Run a DLL as an App"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
micpqjaahegg
Program path & name:
"c:\windows\system32\rundll32.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BMe76ea4fd
Program path & name:
c:\windows\system32\fodnmmgy.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
Class Install Handler
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
deflate
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
gzip
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
lzdhtml
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
text/webviewhtml
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
about
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cdl
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft SharePoint Portal Server Object Model"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cdo
Program path & name:
"c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
Enabled: [V]


Program:
"ActiveX control for streaming video"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
dvd
Program path & name:
"c:\windows\system32\msvidctl.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
file
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ftp
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
gopher
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
http
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
https
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
its
Program path & name:
"c:\windows\system32\itss.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
javascript
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
local
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
mailto
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"Microsoft Internet Messaging API"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
mhtml
Program path & name:
"c:\windows\system32\inetcomm.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
mk
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-its
Program path & name:
"c:\windows\system32\itss.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
res
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
sysimage
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"ActiveX control for streaming video"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
tv
Program path & name:
"c:\windows\system32\msvidctl.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
vbscript
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"Windows Media Player 2 ActiveX Control"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
vnd.ms.radio
Program path & name:
"c:\windows\system32\msdxm.ocx"
Enabled: [V]


Program:
"WIA Scripting Layer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
wia
Program path & name:
"c:\windows\system32\wiascr.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Microsoft Windows Media Player Setup Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Microsoft Windows Media Player
Program path & name:
"c:\windows\inf\unregmp2.exe"
Enabled: [V]


Program:
"Windows NT User Data Migration Tool"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Internet Explorer
Program path & name:
"c:\windows\system32\shmgrate.exe"
Enabled: [V]


Program:
"Microsoft Internet Explorer Customization DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Browser Customizations
Program path & name:
"c:\windows\system32\iedkcs32.dll"
Enabled: [V]


Program:
"Windows NT User Data Migration Tool"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Outlook Express
Program path & name:
"c:\windows\system32\shmgrate.exe"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Microsoft Windows Media Player 6.4
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"Microsoft(C) Register Server"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Themes Setup
Program path & name:
"c:\windows\system32\regsvr32.exe"
Enabled: [V]


Program:
"Outlook Express Setup Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Microsoft Outlook Express 6
Program path & name:
"c:\program files\outlook express\setup50.exe"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
NetMeeting 3.01
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Windows Messenger
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Microsoft Windows Media Player 8
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"Outlook Express Setup Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Address Book 6
Program path & name:
"c:\program files\outlook express\setup50.exe"
Enabled: [V]


Program:
"Microsoft(C) Register Server"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Windows Desktop Update
Program path & name:
"c:\windows\system32\regsvr32.exe"
Enabled: [V]


Program:
"IE 5.0 Per-User Install Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Internet Explorer 6
Program path & name:
"c:\windows\system32\ie4uinit.exe"
Enabled: [V]


Program:
"HotSync® Manager Application"
Publisher:
"(Not verified) Palm Computing Inc. a 3Com Company"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
HotSync Manager.lnk
Program path & name:
"c:\palm\hotsync.exe"
Enabled: [V]


Program:
"Microsoft® Works Calendar Reminder Service"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Microsoft Works Calendar Reminders.lnk
Program path & name:
"c:\program files\common files\microsoft shared\works shared\wkcalrem.exe"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
Browseui preloader
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
Component Categories cache daemon
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
COM+ Service
Program path & name:
c:\windows\system32\winload.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
Entry name:
PostBootReminder
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
Entry name:
CDBurn
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Systray shell service object"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
Entry name:
SysTray
Program path & name:
"c:\windows\system32\stobject.dll"
Enabled: [V]


Program:
"Messenger"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
MSMSGS
Program path & name:
"c:\program files\messenger\msmsgs.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
e45d9761
Program path & name:
c:\documents and settings\guest\local settings\temp\nterosiq.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BMe76ea4fd
Program path & name:
c:\documents and settings\guest\local settings\temp\oquxbufu.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{04B0B1DA-1FA6-4755-B724-62EB4FECC049}
Program path & name:
c:\windows\system32\xvnfvemd.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{05C4D22C-299B-4408-8C98-1826F8F54181}
Program path & name:
File not found: C:\Documents and Settings\Michael Clancy\Local Settings\Temporary Internet Files\Content.IE5\05YNGX6F\silent.dll[1].bak"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{096163B5-1FA6-4755-B724-62EB4FECC049}
Program path & name:
c:\windows\system32\xvnfvemd.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
BHO Class
Program path & name:
c:\program files\webtools\webtools.dll"
Enabled: [V]


Program:
"RealPlayer Download and Record Plugin for Internet Explorer"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
RealPlayer Download and Record Plugin for Internet Explorer
Program path & name:
"c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Helper Class
Program path & name:
c:\program files\bchanger\bchanger.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{44700389-7B73-4B15-9E59-8AA255AAE06E}
Program path & name:
c:\windows\system32\nnnmmled.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{48859868-06A5-7329-D848-2DC00324849A}
Program path & name:
c:\windows\system32\xkgnnuvn.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
OIN Analytics
Program path & name:
c:\program files\oinanalytics\oinanalytics2.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
innbanner browser enhancer
Program path & name:
c:\windows\system32\sjnjsyhcpgtihd.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{8E34BB1C-2983-0154-FB4F-0DA2E5C94E96}
Program path & name:
c:\windows\system32\budkar.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\4.1.805.4472\sw g.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
WhIeHelperObj Class
Program path & name:
c:\program files\webhancer\programs\whiehlpr.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{cc4cce24-d75e-457a-a797-652958db2506}
Program path & name:
c:\windows\system32\prgchu.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{D7336D32-62F7-43B5-8B8C-3963C72CA498}
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
shell32.dll
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
pmnkjbxn.dll
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V]


Program:
"Control Panel Drivers Applet"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Multimedia File Property Sheet
Program path & name:
"c:\windows\system32\mmsys.cpl"
Enabled: [V]


Program:
"Microsoft Color Matching System User Interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ICM Scanner Management
Program path & name:
"c:\windows\system32\icmui.dll"
Enabled: [V]


Program:
"Security Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
NTFS Security Page
Program path & name:
"c:\windows\system32\rshx32.dll"
Enabled: [V]


Program:
"OLE DocFile Property Page"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
OLE Docfile Property Page
Program path & name:
"c:\windows\system32\docprop.dll"
Enabled: [V]


Program:
"Shell extensions for sharing"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell extensions for sharing
Program path & name:
"c:\windows\system32\ntshrui.dll"
Enabled: [V]


Program:
"Windows Theme API"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
PlusPack CPL Extension
Program path & name:
"c:\windows\system32\themeui.dll"
Enabled: [V]


Program:
"Advanced display adapter properties"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Adapter CPL Extension
Program path & name:
"c:\windows\system32\deskadp.dll"
Enabled: [V]


Program:
"Advanced display monitor properties"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Monitor CPL Extension
Program path & name:
"c:\windows\system32\deskmon.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Directory Service Security UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
DS Security Page
Program path & name:
"c:\windows\system32\dssec.dll"
Enabled: [V]


Program:
"Compatibility Tab Shell Extension DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Compatibility Page
Program path & name:
"c:\windows\system32\slayerxp.dll"
Enabled: [V]


Program:
"Shell scrap object handler"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Scrap DataHandler
Program path & name:
"c:\windows\system32\shscrap.dll"
Enabled: [V]


Program:
"Windows DiskCopy"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Disk Copy Extension
Program path & name:
"c:\windows\system32\diskcopy.dll"
Enabled: [V]


Program:
"Network object shell UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell extensions for Microsoft Windows Network objects
Program path & name:
"c:\windows\system32\ntlanui2.dll"
Enabled: [V]


Program:
"Microsoft Color Matching System User Interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ICM Monitor Management
Program path & name:
"c:\windows\system32\icmui.dll"
Enabled: [V]


Program:
"Microsoft Color Matching System User Interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ICM Printer Management
Program path & name:
"c:\windows\system32\icmui.dll"
Enabled: [V]


Program:
"Print UI DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Web Printer Shell Extension
Program path & name:
"c:\windows\system32\printui.dll"
Enabled: [V]


Program:
"Windows Shell Disk Quota UI DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Disk Quota UI
Program path & name:
"c:\windows\system32\dskquoui.dll"
Enabled: [V]


Program:
"Windows Briefcase"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Briefcase
Program path & name:
"c:\windows\system32\syncui.dll"
Enabled: [V]


Program:
"HyperTerminal Applet Library"
Publisher:
"(Not verified) Hilgraeve Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
HyperTerminal Icon Ext
Program path & name:
"c:\windows\system32\hticons.dll"
Enabled: [V]


Program:
"Windows Font Folder"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Fonts
Program path & name:
"c:\windows\system32\fontext.dll"
Enabled: [V]


Program:
"Microsoft Color Matching System User Interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ICC Profile
Program path & name:
"c:\windows\system32\icmui.dll"
Enabled: [V]


Program:
"Security Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Printers Security Page
Program path & name:
"c:\windows\system32\rshx32.dll"
Enabled: [V]


Program:
"Shell extensions for sharing"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell extensions for sharing
Program path & name:
"c:\windows\system32\ntshrui.dll"
Enabled: [V]


Program:
"Advanced display performance properties"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display TroubleShoot CPL Extension
Program path & name:
"c:\windows\system32\deskperf.dll"
Enabled: [V]


Program:
"Crypto Shell Extensions"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Crypto PKO Extension
Program path & name:
"c:\windows\system32\cryptext.dll"
Enabled: [V]


Program:
"Crypto Shell Extensions"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Crypto Sign Extension
Program path & name:
"c:\windows\system32\cryptext.dll"
Enabled: [V]


Program:
"Network Connections Shell"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Network Connections
Program path & name:
"c:\windows\system32\netshell.dll"
Enabled: [V]


Program:
"Network Connections Shell"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Network Connections
Program path & name:
"c:\windows\system32\netshell.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Remote Sessions CPL Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Remote Sessions CPL Extension
Program path & name:
"c:\windows\system32\remotepg.dll"
Enabled: [V]


Program:
"Microsoft (r) Shell Extension for Windows Script Host"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell extensions for Windows Script Host
Program path & name:
"c:\windows\system32\wshext.dll"
Enabled: [V]


Program:
"Microsoft Data Access - OLE DB Core Services"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Data Link
Program path & name:
"c:\program files\common files\system\ole db\oledb32.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Tasks Folder Icon Handler
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Tasks Folder Shell Extension
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scheduled Tasks
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Taskbar and Start Menu
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Search
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Help and Support
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Help and Support
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Run...
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Internet
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
E-mail
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Fonts
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Administrative Tools
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Audio Media Properties Handler
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Video Media Properties Handler
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Wav Properties Handler
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Avi Properties Handler
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Midi Properties Handler
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Media File Property Extractor Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Video Thumbnail Extractor
Program path & name:
"c:\windows\system32\shmedia.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Internet Toolbar
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Download Status
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Augmented Shell Folder
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Augmented Shell Folder 2
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
BandProxy
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft BrowserBand
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Search Band
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Media Band
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
In-pane search
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Web Search
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Registry Tree Options Utility
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
&Address
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Address EditBox
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft AutoComplete
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
TridentImageExtractor
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
MRU AutoComplete List
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Custom MRU AutoCompleted List
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Accessible
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Track Popup Bar
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Address Bar Parser
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft History AutoComplete List
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Shell Folder AutoComplete List
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Multiple AutoComplete List Container
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Band Site Menu
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell DeskBarApp
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell DeskBar
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Rebar BandSite
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
User Assist
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Global Folder Settings
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Favorites Band
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Automation Inproc Service
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell DocObject Viewer
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Browser Architecture
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
InternetShortcut
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Url History Service
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
History
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Temporary Internet Files
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Temporary Internet Files
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Url Search Hook
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
IE4 Suite Splash Screen
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
CDF Extension Copy Hook
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ISFBand OC
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Search Assistant OC
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
The Internet
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Internet Name Space
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Explorer Band
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Send Mail"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Sendmail service
Program path & name:
"c:\windows\system32\sendmail.dll"
Enabled: [V]


Program:
"Send Mail"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Sendmail service
Program path & name:
"c:\windows\system32\sendmail.dll"
Enabled: [V]


Program:
"Object Control Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ActiveX Cache Folder
Program path & name:
"c:\windows\system32\occache.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Subscription Mgr
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Subscription Folder
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WebCheckWebCrawler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WebCheckChannelAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
TrayAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Code Download Agent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
ConnectionAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
PostAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WebCheck SyncMgr Handler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Application Manager
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Installed Apps Enumerator
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Darwin App Publisher
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Image Verbs
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Image Data Factory
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
GDI+ file thumbnail extractor
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Summary Info Thumbnail handler (DOCFILES)
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
HTML Thumbnail Extractor
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Image Property Handler
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Map Network Drives/Network Places Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Web Publishing Wizard
Program path & name:
"c:\windows\system32\netplwiz.dll"
Enabled: [V]


Program:
"Map Network Drives/Network Places Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Print Ordering via the Web
Program path & name:
"c:\windows\system32\netplwiz.dll"
Enabled: [V]


Program:
"Map Network Drives/Network Places Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Publishing Wizard Object
Program path & name:
"c:\windows\system32\netplwiz.dll"
Enabled: [V]


Program:
"Map Network Drives/Network Places Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Get a Passport Wizard
Program path & name:
"c:\windows\system32\netplwiz.dll"
Enabled: [V]


Program:
"Map Network Drives/Network Places Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
User Accounts
Program path & name:
"c:\windows\system32\netplwiz.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Compressed (zipped) Folder
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Compressed (zipped) Folder Right Drag Handler
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Compressed (zipped) Folder SendTo Target
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"Channel Definition File Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Channel File
Program path & name:
"c:\windows\system32\cdfview.dll"
Enabled: [V]


Program:
"Channel Definition File Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Channel Shortcut
Program path & name:
"c:\windows\system32\cdfview.dll"
Enabled: [V]


Program:
"Channel Definition File Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Channel Handler Object
Program path & name:
"c:\windows\system32\cdfview.dll"
Enabled: [V]


Program:
"Channel Definition File Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Channel Menu
Program path & name:
"c:\windows\system32\cdfview.dll"
Enabled: [V]


Program:
"Channel Definition File Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Channel Properties
Program path & name:
"c:\windows\system32\cdfview.dll"
Enabled: [V]


Program:
"Microsoft Internet Explorer FTP Folder Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
FTP Folders Webview
Program path & name:
"c:\windows\system32\msieftp.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Shell Ext
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Inplace Edit Box Control
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Inplace ML Edit Box Control
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Inplace Droplist Combo Control
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Inplace Calendar Control
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Microsoft DocProp Shell Ext"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft DocProp Inplace Time Control
Program path & name:
"c:\windows\system32\docprop2.dll"
Enabled: [V]


Program:
"Directory Service Find"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Directory Query UI
Program path & name:
"c:\windows\system32\dsquery.dll"
Enabled: [V]


Program:
"Directory Service Find"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell properties for a DS object
Program path & name:
"c:\windows\system32\dsquery.dll"
Enabled: [V]


Program:
"Directory Service Find"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Directory Object Find
Program path & name:
"c:\windows\system32\dsquery.dll"
Enabled: [V]


Program:
"Directory Service Find"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Directory Start/Search Find
Program path & name:
"c:\windows\system32\dsquery.dll"
Enabled: [V]


Program:
"Directory Service Common UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Directory Property UI
Program path & name:
"c:\windows\system32\dsuiext.dll"
Enabled: [V]


Program:
"Directory Service Common UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Directory Context Menu Verbs
Program path & name:
"c:\windows\system32\dsuiext.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
MyDocs Copy Hook
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
MyDocs Drop Target
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
MyDocs Properties
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"Client Side Caching UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Offline Files Menu
Program path & name:
"c:\windows\system32\cscui.dll"
Enabled: [V]


Program:
"Client Side Caching UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Offline Files Folder Options
Program path & name:
"c:\windows\system32\cscui.dll"
Enabled: [V]


Program:
"Client Side Caching UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Offline Files Folder
Program path & name:
"c:\windows\system32\cscui.dll"
Enabled: [V]


Program:
"Microsoft Agent Property Sheet Handler"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Microsoft Agent Character Property Sheet Handler
Program path & name:
"c:\windows\msagent\agentpsh.dll"
Enabled: [V]


Program:
"Distributed File System shell extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
DfsShell
Program path & name:
"c:\windows\system32\dfsshlex.dll"
Enabled: [V]


Program:
"Photo Printing Wizard"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
%DESC_PublishDropTarget%
Program path & name:
"c:\windows\system32\photowiz.dll"
Enabled: [V]


Program:
"MMC Shell Extension DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
MMC Icon Handler
Program path & name:
"c:\windows\system32\mmcshext.dll"
Enabled: [V]


Program:
"Cabinet File Viewer Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
.CAB file viewer
Program path & name:
"c:\windows\system32\cabview.dll"
Enabled: [V]


Program:
"Find People"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
For &People...
Program path & name:
"c:\program files\outlook express\wabfind.dll"
Enabled: [V]


Program:
"Windows Media Player Launcher"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Windows Media Player Play as Playlist Context Menu Handler
Program path & name:
"c:\windows\system32\wmpshell.dll"
Enabled: [V]


Program:
"Windows Media Player Launcher"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Windows Media Player Burn Audio CD Context Menu Handler
Program path & name:
"c:\windows\system32\wmpshell.dll"
Enabled: [V]


Program:
"Windows Media Player Launcher"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Windows Media Player Add to Playlist Context Menu Handler
Program path & name:
"c:\windows\system32\wmpshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Fusion Cache
Program path & name:
File not found: C:\WINDOWS\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
{24F14F01-7B1C-11d1-838f-0000F80461CF}
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
{24F14F02-7B1C-11d1-838f-0000F80461CF}
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Windows Shell Common Dll"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
{66742402-F9B9-11D1-A202-0000F81FEDEE}
Program path & name:
"c:\windows\system32\shell32.dll"
Enabled: [V]


Program:
"Shell Doc Object and Control Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
shdocvw.dll
Program path & name:
"c:\windows\system32\shdocvw.dll"
Enabled: [V]


Program:
"Windows Media Player 2 ActiveX Control"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
msdxm.ocx
Program path & name:
"c:\windows\system32\msdxm.ocx"
Enabled: [V]


Program:
"Norton AntiVirusNAVShellExt Module"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Norton AntiVirus
Program path & name:
"c:\program files\norton antivirus\navshext.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
enabled
Publisher:
""
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
@shdoclc.dll
Program path & name:
"c:\windows\web\related.htm"
Enabled: [ ]

[/code]

spikejones
18-10-08, 20:40
WOW... you have WAY to many autorun entries.

LaraCroft90
18-10-08, 20:54
Oh my god! :yik: So many autoruns!

matrix54
18-10-08, 23:07
how do I solve my problem?

spikejones
19-10-08, 02:00
go ahead and download autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and wait for esconder to come along and tell you what programs to kill.

have you run full system anti-virus and spyware scans yet?
if so, is that list from before or after you did those scans?

EscondeR
19-10-08, 09:10
Apologies for this False Positive :)

But your PC is badly infected with trojans and malware.
So...
1. Download Autoruns (http://technet.microsoft.com/ru-ru/sysinternals/bb963902(en-us).aspx).
2. Boot in Safe Mode.
3. Run Autoruns, let it scan your entries, then kill those (right click and select Delete):


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
webHancer Agent
Program path & name:
c:\program files\webhancer\programs\whagent.exe"
Enabled: [V] - MALWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BMe76ea4fd
Program path & name:
c:\windows\system32\fodnmmgy.dll"
Enabled: [V] - TROJAN!


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
Browseui preloader
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V] - MALWARE!


Program:
"Shell Browser UI Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
Component Categories cache daemon
Program path & name:
"c:\windows\system32\browseui.dll"
Enabled: [V] - MALWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
Entry name:
COM+ Service
Program path & name:
c:\windows\system32\winload.dll"
Enabled: [V] - MALWARE!



Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
e45d9761
Program path & name:
c:\documents and settings\guest\local settings\temp\nterosiq.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
BMe76ea4fd
Program path & name:
c:\documents and settings\guest\local settings\temp\oquxbufu.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{04B0B1DA-1FA6-4755-B724-62EB4FECC049}
Program path & name:
c:\windows\system32\xvnfvemd.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{05C4D22C-299B-4408-8C98-1826F8F54181}
Program path & name:
File not found: C:\Documents and Settings\Michael Clancy\Local Settings\Temporary Internet Files\Content.IE5\05YNGX6F\silent.dll[1].bak"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{096163B5-1FA6-4755-B724-62EB4FECC049}
Program path & name:
c:\windows\system32\xvnfvemd.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
BHO Class
Program path & name:
c:\program files\webtools\webtools.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Helper Class
Program path & name:
c:\program files\bchanger\bchanger.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{44700389-7B73-4B15-9E59-8AA255AAE06E}
Program path & name:
c:\windows\system32\nnnmmled.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{48859868-06A5-7329-D848-2DC00324849A}
Program path & name:
c:\windows\system32\xkgnnuvn.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
OIN Analytics
Program path & name:
c:\program files\oinanalytics\oinanalytics2.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
innbanner browser enhancer
Program path & name:
c:\windows\system32\sjnjsyhcpgtihd.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{8E34BB1C-2983-0154-FB4F-0DA2E5C94E96}
Program path & name:
c:\windows\system32\budkar.dll"
Enabled: [V] - TROJAN!


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V] - TROJAN!


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\4.1.805.4472\sw g.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
WhIeHelperObj Class
Program path & name:
c:\program files\webhancer\programs\whiehlpr.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{cc4cce24-d75e-457a-a797-652958db2506}
Program path & name:
c:\windows\system32\prgchu.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{D7336D32-62F7-43B5-8B8C-3963C72CA498}
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V] - TROJAN!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
pmnkjbxn.dll
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V] - TROJAN!


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Tasks Folder Icon Handler
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Tasks Folder Shell Extension
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Scheduled Tasks
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
c:\windows\twljagflbcbdbgfuy3k\command.exe"
Enabled: [V] - TROJAN!


Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
c:\program files\network monitor\netmon.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
pmnkJbXn
Program path & name:
c:\windows\system32\pmnkjbxn.dll"
Enabled: [V] - TROJAN!

!!!
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
reset5e
Program path & name:
c:\windows\system32\reset5e.dll"
Enabled: [V]
!!!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authenti cation Packages
Entry name:
C:\WINDOWS\System32\nnnmmLed
Program path & name:
c:\windows\system32\nnnmmled.dll"
Enabled: [V] - TROJAN!


Program:
"Microsoft® Works Marketing Feature"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WorksFUD
Program path & name:
"c:\program files\microsoft works\wkfud.exe"
Enabled: [V]


Program:
"Microsoft® Works PortFolio"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Portfolio
Program path & name:
"c:\program files\microsoft works\wkssb.exe"
Enabled: [V]


Program:
"Microsoft® Works Update Detection"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
"c:\program files\common files\microsoft shared\works shared\wkufind.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
enabled
Publisher:
""
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
@shdoclc.dll
Program path & name:
"c:\windows\web\related.htm"
Enabled: [ ]

matrix54
19-10-08, 16:10
i did but i don't know what to delete. its just entry, after entry. THEY ALL LOOK THE SAME :eek:

spikejones
19-10-08, 19:03
easiest way to search for the entries is to use the search/find feature and search for the entry name (where one is present) or the file name (which is the last part of the path name).

matrix54
19-10-08, 19:22
i did a search on:
Malware
Trojan
virus
infect

and got nothing back:(

spikejones
19-10-08, 19:28
no.. those words in bold were added in by EscondeR for identification purposes. search for the filename which will have a .extension. :vlol:

for example:

Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
webHancer Agent
Program path & name:
c:\program files\webhancer\programs\whagent.exe"
Enabled: [V] - MALWARE!


you would search for either:
webHancer Agent

OR

whagent.exe

EscondeR
19-10-08, 19:34
^ Exactly :)

matrix54
19-10-08, 19:50
only the ones in bold?

spikejones
19-10-08, 20:36
following the example that i posted, you should search for and delete all entries in the list that was posted by EscondeR.

matrix54
19-10-08, 20:53
i did them all. now what?

(btw-for some i want in safe mode)

spikejones
19-10-08, 20:56
reboot the machine in normal mode and check performance. report back if there are anymore issues

matrix54
19-10-08, 20:57
check my performance how. with the desktop>properties thing?

spikejones
19-10-08, 20:59
is the problem solved?

matrix54
19-10-08, 21:07
how do i check my perf?

spikejones
19-10-08, 23:24
you check to see if the problem is solved by seeing if you still get those script errors that you were talking about. I dont mean check to see how fast your machine runs;)

matrix54
19-10-08, 23:35
i do get them. i did search them all, and double checked. nothing.

EscondeR
20-10-08, 04:54
:tmb:

matrix54
20-10-08, 11:44
but i still get script error. very few though...

EscondeR
20-10-08, 12:00
1. Can you post a screenshot of one of those messages?

2. Connect to Internet and run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) once more (this way it'll update signatures and provide less entries) and post the report again to check (copy/paste the whole text into one post).