protocol hijack can not remove HJThis


  • This topic is locked
15 replies to this topic

#1 snguyen2

snguyen2

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 05 January 2005 - 12:09 AM

Logfile of HijackThis v1.99.0
Scan saved at 12:00:52 AM, on 1/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TBPS] C:\Program Files\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_3c83.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3F2C664D-FC52-45F9-B143-A9B0514F47F5} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B1A3EBB-49F6-4F8E-ACFB-F48EE99E6065}: NameServer = 64.136.28.120 64.136.20.120
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PGPsdkService - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe



#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:02:50 PM

Posted 05 January 2005 - 08:51 AM

You have a Look2Me infection. Your recycle bin is damaged and if you delete a file it will be gone forever.


Download Find It NT-2K-XP.zip.

Unzip the contents of Find It NT-2K-XP.zip to a folder, for example c:\findit

Navigate to the c:\findit folder and double-click on find.bat.
A command prompt will open and it will search your computer for malicious files. Let it finish. It could take 5 - 10 minutes.

Once it has finished a Notepad window will pop up with output.txt.
Copy the entire contents of output.txt into your next post.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 snguyen2


Posted 06 January 2005 - 12:00 AM

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Hien Nguyen.NGUYEN\Desktop\Find It NT-2K-XP\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

01/05/2005 11:02 PM 222,452 f4j2le1o1h.dll
01/05/2005 10:20 PM 223,415 lvp8097ue.dll
12/25/2004 11:34 AM <DIR> dllcache
12/22/2004 12:11 AM 224,443 mxacm.dll
12/08/2004 10:39 AM 389,120 w?nlogon.exe
01/12/2003 11:36 PM <DIR> Microsoft
04/02/2002 05:41 AM 9,216 Thumbs.db
5 File(s) 1,068,646 bytes
2 Dir(s) 24,012,255,232 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

12/25/2004 11:34 AM <DIR> dllcache
12/08/2004 10:39 AM 389,120 w?nlogon.exe
04/30/2004 08:01 PM 2,615 fiz0
05/23/2002 08:58 PM 488 WindowsLogon.manifest
05/23/2002 08:58 PM 488 logonui.exe.manifest
05/23/2002 08:58 PM 749 cdplayer.exe.manifest
05/23/2002 08:58 PM 749 nwc.cpl.manifest
05/23/2002 08:58 PM 749 wuaucpl.cpl.manifest
05/23/2002 08:58 PM 749 sapi.cpl.manifest
05/23/2002 08:58 PM 749 ncpa.cpl.manifest
04/02/2002 05:41 AM 9,216 Thumbs.db
10 File(s) 405,672 bytes
1 Dir(s) 24,012,251,136 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

10/31/2004 10:49 AM 355,944 PerfStringBackup.TMP
08/18/2001 02:00 PM 2,577 CONFIG.TMP
2 File(s) 358,521 bytes
0 Dir(s) 24,012,251,136 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CD1D33DE-FBA7-4307-8313-49E64AA85AAA}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvp8097ue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
f4j2le~1.dll Wed 2005-01-05 23:02:16 ..S.R 222,452 217.24 K
lvp809~1.dll Wed 2005-01-05 22:20:04 ..S.R 223,415 218.18 K
mxacm.dll Wed 2004-12-22 0:11:46 ..S.R 224,443 219.18 K
wnlogo~1.exe Wed 2004-12-08 10:39:06 ..SHR 389,120 380.00 K

4 items found: 4 files, 0 directories.
Total of file sizes: 1,059,430 bytes 1.01 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\sfarkxt.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"vptray"="C:\\PROGRA~1\\NavNT\\vptray.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


 :thumbsup:

#4 Daisuke


Posted 06 January 2005 - 06:32 AM

Hi

Download KillBox here: KillBox. Unzip it to your desktop.

Disconnect from the internet.


Start Killbox and click on Tools --> Select Delete Temp Files. Click OK.


Select the Delete on reboot option.

Copy and paste the following file to the field labeled "Full path of file to delete"
C:\WINDOWS\System32\f4j2le1o1h.dll

Press the Delete button (the button that looks like a red circle with a white X in it).

A first dialog box will ask if you want to delete the file on reboot, press the YES button.

A second dialog box will ask you if you want to REBOOT now. Press the NO button.

Repeat steps above for these files:

C:\WINDOWS\System32\lvp8097ue.dll

C:\WINDOWS\System32\mxacm.dll



Copy and paste the following file to the field labeled "Full path of file to delete"
C:\WINDOWS\System32\Guard.tmp

Press the Delete button (the button that looks like a red circle with a white X in it).

A first dialog box will ask if you want to delete the file on reboot, press the YES button.

A second dialog box will ask you if you want to REBOOT now. Press the YES button.


Your computer will reboot.

Run Find.bat and HijackThis again, and post the logs please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#5 snguyen2


Posted 06 January 2005 - 09:00 PM

Hi

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Hien Nguyen.NGUYEN\Desktop\Find It NT-2K-XP\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

12/25/2004 11:34 AM <DIR> dllcache
12/08/2004 10:39 AM 389,120 w?nlogon.exe
01/12/2003 11:36 PM <DIR> Microsoft
04/02/2002 05:41 AM 9,216 Thumbs.db
2 File(s) 398,336 bytes
2 Dir(s) 24,262,918,144 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

12/25/2004 11:34 AM <DIR> dllcache
12/08/2004 10:39 AM 389,120 w?nlogon.exe
04/30/2004 08:01 PM 2,615 fiz0
05/23/2002 08:58 PM 488 WindowsLogon.manifest
05/23/2002 08:58 PM 488 logonui.exe.manifest
05/23/2002 08:58 PM 749 cdplayer.exe.manifest
05/23/2002 08:58 PM 749 nwc.cpl.manifest
05/23/2002 08:58 PM 749 wuaucpl.cpl.manifest
05/23/2002 08:58 PM 749 sapi.cpl.manifest
05/23/2002 08:58 PM 749 ncpa.cpl.manifest
04/02/2002 05:41 AM 9,216 Thumbs.db
10 File(s) 405,672 bytes
1 Dir(s) 24,262,914,048 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is el paso
Volume Serial Number is 9417-86EE

Directory of C:\WINDOWS\System32

10/31/2004 10:49 AM 355,944 PerfStringBackup.TMP
08/18/2001 02:00 PM 2,577 CONFIG.TMP
2 File(s) 358,521 bytes
0 Dir(s) 24,262,914,048 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvp8097ue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
wnlogo~1.exe Wed 2004-12-08 10:39:06 ..SHR 389,120 380.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 389,120 bytes 380.00 K

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\sfarkxt.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"vptray"="C:\\PROGRA~1\\NavNT\\vptray.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


 :flowers: :thumbsup:

#6 Daisuke


Posted 07 January 2005 - 05:46 AM

Hi

Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as unhide.reg
Change the Save as Type to All Files
Save this file on the desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"SearchSystemDirs"=dword:00000001
"SearchHidden"=dword:00000001
"IncludeSubFolders"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000001


Double-click on the unhide.reg file you saved on your desktop, and when it prompts to merge say Yes.

REBOOT your machine.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows


Delete the bad w?nlogon.exe
You will find two files with the same name in the C:\WINDOWS\System32\ folder: winlogon.exe. One is bad and one is legitimate. You must delete the bad file. Right click on each file and select Properties. In the General tab the legitimate file has this Description: Windows NT Logon Application. Do not delete this file. Delete the bad file.
The bad file has this description: winlogon.exe and the size: 389,120 bytes. The bad file will not appear alphabetically.


Repair the Recycle bin
Start Killbox.exe

Select the Delete on reboot option.

Copy and paste the line below in the field labeled "Full path of file to delete"
c:\recycler

Then press the button that looks like a red circle with a white X in it.
When it asks if you would like to Reboot now, press the YES button.

Your computer will reboot. Check if the recycle bin is OK. Create an empty TXT file and delete it. Please report back.


Delete registry entry

Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]


Double-click on the fix.reg file on your desktop, and when it prompts to merge say Yes, and this will repair some registry entries.


Restore Policy
Download VX2Finder from this link:
http://www.downloads.subratam.org/VX2Finder.exe
Run Vx2Finder and click on the Restore Policy button.

Run HijackThis!, press Scan, and put a check mark next to all these:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch


Close all other windows and browsers, and press the Fix Checked button.

Please uninstall from Add/Remove Programs:
Viewpoint Manager

REBOOT your machine and post a new HijackThis log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
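
Added example, not part of the original thread: the manual check in post #6 for the look-alike w?nlogon.exe, turned into a scan of `dir` output. It goes beyond the single file in the thread by testing every listed name against the system process names from the HijackThis log; the PROTECTED list, the function names and the two sample lines marked as constructed are assumptions of this example.

```python
import re
import unicodedata

# Process names taken from the "Running processes" section of the HijackThis
# log in this thread. Assumption: these are the names worth protecting here.
PROTECTED = ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
             "svchost.exe", "spoolsv.exe", "explorer.exe")

# One line of `dir` output as it appears in the Find.bat log:
# date, time, size or <DIR>, name.
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s+[AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")


def parse_dir(text):
    """Yield (name, size_in_bytes) for each file line; directories are skipped."""
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            yield m.group(4), int(m.group(3).replace(",", ""))


def fold(name):
    """Lower-case, strip accents, and map any remaining non-ASCII char to '?'."""
    out = []
    for ch in unicodedata.normalize("NFKD", name.lower()):
        if unicodedata.combining(ch):
            continue  # drop the accent mark, keep the base letter
        out.append(ch if ch.isascii() else "?")
    return "".join(out)


def wildcard_equal(folded, target):
    """True if folded equals target, with '?' standing for any single char."""
    return len(folded) == len(target) and all(
        a == b or a == "?" for a, b in zip(folded, target))


def find_lookalikes(listing):
    """Return (listed_name, imitated_name, size) for names that imitate a
    protected binary by using a character outside plain ASCII.

    '?' is not a legal character in a Windows file name, so a '?' in `dir`
    output means the console could not display the real character.
    Plain-ASCII names are skipped: they are either the genuine file or
    unrelated, and ASCII-only typo names are outside this check.
    """
    hits = []
    for name, size in parse_dir(listing):
        if name.isascii() and "?" not in name:
            continue
        folded = fold(name)
        for target in PROTECTED:
            if wildcard_equal(folded, target):
                hits.append((name, target, size))
    return hits


# First four lines are copied from the Find.bat output in this thread;
# the last two are constructed for this example.
SAMPLE = """\
01/05/2005 11:02 PM 222,452 f4j2le1o1h.dll
12/25/2004 11:34 AM <DIR> dllcache
12/08/2004 10:39 AM 389,120 w?nlogon.exe
04/02/2002 05:41 AM 9,216 Thumbs.db
08/04/2004 12:00 AM 14,336 sv\u0441host.exe
08/04/2004 12:00 AM 502,272 winlogon.exe
"""

if __name__ == "__main__":
    for listed, imitated, size in find_lookalikes(SAMPLE):
        print(f"{listed!r} imitates {imitated} ({size:,} bytes)")
```
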


#7 snguyen2


Posted 08 January 2005 - 02:44 PM

The recycle bin works OK. But now I cannot access the Start bar. When I move the mouse over the Start bar the cursor turns into a clock, and when I shut down the system using the Task Manager, an explorer.exe window appears and asks me to end explorer.exe. It seems to me that something is running at the Start bar, and I cannot connect to NetZero anymore.

Please help.
Here is my new HijackThis log.

Logfile of HijackThis v1.99.0
Scan saved at 12:00:52 AM, on 1/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\HijackThis.exe

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TBPS] C:\Program Files\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_3c83.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3F2C664D-FC52-45F9-B143-A9B0514F47F5} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B1A3EBB-49F6-4F8E-ACFB-F48EE99E6065}: NameServer = 64.136.28.120 64.136.20.120
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PGPsdkService - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe


#8 Daisuke


Posted 08 January 2005 - 07:03 PM

Hi

Go to Start -> Run -> Type regedit and press Enter.

Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved <-- this key

Right-click the key (in the left pane) and select Export. Export the key as HUH.REG on your Desktop.

Right-click HUH.REG on your Desktop and rename it HUH.TXT.

Open HUH.TXT and post the content here please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#9 snguyen2


Posted 09 January 2005 - 07:44 PM

Hi
Here is my Approved HUH.TXT:


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Class Name: <NO CLASS>
Last Write Time: 2005/01/07 - 21:39
Value 0
Name: {00022613-0000-0000-C000-000000000046}
Type: REG_SZ
Data: Multimedia File Property Sheet

Value 1
Name: {176d6597-26d3-11d1-b350-080036a75b03}
Type: REG_SZ
Data: ICM Scanner Management

Value 2
Name: {1F2E5C40-9550-11CE-99D2-00AA006E086C}
Type: REG_SZ
Data: NTFS Security Page

Value 3
Name: {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
Type: REG_SZ
Data: OLE Docfile Property Page

Value 4
Name: {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
Type: REG_SZ
Data: Shell extensions for sharing

Value 5
Name: {41E300E0-78B6-11ce-849B-444553540000}
Type: REG_SZ
Data: PlusPack CPL Extension

Value 6
Name: {42071712-76d4-11d1-8b24-00a0c9068ff3}
Type: REG_SZ
Data: Display Adapter CPL Extension

Value 7
Name: {42071713-76d4-11d1-8b24-00a0c9068ff3}
Type: REG_SZ
Data: Display Monitor CPL Extension

Value 8
Name: {42071714-76d4-11d1-8b24-00a0c9068ff3}
Type: REG_SZ
Data: Display Panning CPL Extension

Value 9
Name: {4E40F770-369C-11d0-8922-00A024AB2DBB}
Type: REG_SZ
Data: DS Security Page

Value 10
Name: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Type: REG_SZ
Data: Compatibility Page

Value 11
Name: {56117100-C0CD-101B-81E2-00AA004AE837}
Type: REG_SZ
Data: Shell Scrap DataHandler

Value 12
Name: {59099400-57FF-11CE-BD94-0020AF85B590}
Type: REG_SZ
Data: Disk Copy Extension

Value 13
Name: {59be4990-f85c-11ce-aff7-00aa003ca9f6}
Type: REG_SZ
Data: Shell extensions for Microsoft Windows Network objects

Value 14
Name: {5DB2625A-54DF-11D0-B6C4-0800091AA605}
Type: REG_SZ
Data: ICM Monitor Management

Value 15
Name: {675F097E-4C4D-11D0-B6C1-0800091AA605}
Type: REG_SZ
Data: ICM Printer Management

Value 16
Name: {764BF0E1-F219-11ce-972D-00AA00A14F56}
Type: REG_SZ
Data: Shell extensions for file compression

Value 17
Name: {77597368-7b15-11d0-a0c2-080036af3f03}
Type: REG_SZ
Data: Web Printer Shell Extension

Value 18
Name: {7988B573-EC89-11cf-9C00-00AA00A14F56}
Type: REG_SZ
Data: Disk Quota UI

Value 19
Name: {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
Type: REG_SZ
Data: Encryption Context Menu

Value 20
Name: {85BBD920-42A0-1069-A2E4-08002B30309D}
Type: REG_SZ
Data: Briefcase

Value 21
Name: {88895560-9AA2-1069-930E-00AA0030EBC8}
Type: REG_SZ
Data: HyperTerminal Icon Ext

Value 22
Name: {BD84B380-8CA2-1069-AB1D-08000948F534}
Type: REG_SZ
Data: Fonts

Value 23
Name: {DBCE2480-C732-101B-BE72-BA78E9AD5B27}
Type: REG_SZ
Data: ICC Profile

Value 24
Name: {F37C5810-4D3F-11d0-B4BF-00AA00BBB723}
Type: REG_SZ
Data: Printers Security Page

Value 25
Name: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Type: REG_SZ
Data: Shell extensions for sharing

Value 26
Name: {f92e8c40-3d33-11d2-b1aa-080036a75b03}
Type: REG_SZ
Data: Display TroubleShoot CPL Extension

Value 27
Name: {7444C717-39BF-11D1-8CD9-00C04FC29D45}
Type: REG_SZ
Data: Crypto PKO Extension

Value 28
Name: {7444C719-39BF-11D1-8CD9-00C04FC29D45}
Type: REG_SZ
Data: Crypto Sign Extension

Value 29

#10 snguyen2

Posted 09 January 2005 - 09:26 PM

Hi
The last post I exported directly from regedit.

Here is the correct post: hug.txt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

Thank you

#11 Daisuke

Posted 11 January 2005 - 10:55 AM

Hi

I think the easiest way to "solve" this problem is to create a new account.

Please create a new account:

Go to Start --> Control Panel --> User Accounts --> click Create a new account

Follow the instructions on the screen.

Log off and log on using the new account. Do you have the problem here?

Edited by cryo, 11 January 2005 - 10:56 AM.


#12 snguyen2

Posted 11 January 2005 - 02:33 PM

I found the problem. One of the service hosts starts automatically to discover the home device. I made it automatic only. Everything is fine. I can access the Start button now.

However, NetZero still has a problem with a protocol.

Thank you very much for your help.

#13 snguyen2

Posted 11 January 2005 - 02:35 PM

I will create another account to check my NetZero.

Thank you very much for your help.

#14 Daisuke

Posted 11 January 2005 - 02:37 PM

However, NetZero still has a problem with a protocol.

Maybe you must reinstall the software.


Glad to hear that your problem with the Start Menu is solved :thumbsup:.

#15 snguyen2

Posted 18 January 2005 - 07:12 PM

Thank you very much.

Everything is working fine.


:thumbsup: :flowers: :trumpet:



