Holy Crap! sorry...now what the heck is going on? Hey, we are now up to 211 posts with this one...what the heck, let's go for 300!
Administrator
Holy Crap! sorry...now what the heck is going on? Hey, we are now up to 211 posts with this one...what the heck, let's go for 300!
Senior Member
The drives are back again, at least.
Senior Member
Haha... what comes after "Senior Member"?
Senior Member
Internet's working again, too! I'm ashamed to admit what happened out of fear you'll think I don't know anything after all...
I have two ethernet cords behind my tower, one of which goes to the network, one of which goes to nothing. Guess which one I plugged in first :-X
But I've re-unplugged now, just in case.
Senior Member
So, it looks like we can discount the last lump of posts about the disk drives, and we can go back to the fact that WPFind is giving me the error. Reminder: The error says "Access violation at address 00402849 in module Winpfind.exe. Read of address 013BFFFF" and then the scanner hangs on the task "Scanning ShellExecuteHooks key"
Administrator
Try this...
ISeeYouXP
Run in normal mode.
Possible Error Messages
-- If your ISeeYouXP.txt log appear to be empty or semi-empty or if you get an error message similar to the below
when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate
to your OS
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT.
The system file is not suitable for running MS-DOS and Microsoft Window applications.
To fix the above error message, choose the download below which is appropriate for your system
O For Windows XP Pro: download and run: XPproFix
O For Windows XP Home: download and run: XPHomeFix
O For Windows 2000: download and run: W2KFix
Then run ISeeYouXP.bat again and attach the log.
-- A possible second type of error message may occur as shown below! If you get either of these two messages,
perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem
16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.
-or-
16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\VirtualDeviceDriv ers. VDD. Virtual Device Driver format in the registry is invalid.
Choose 'Close' to terminate the application.
After attempting to fix the above errors, run ISeeYouXP.bat again and attach the log.
Administrator
Originally Posted by StckFigure
Old Timer's DiseaseHaha... what comes after "Senior Member"?
Senior Member
This'll take three posts, it looks like. I see lots of NOT FOUNDs, which is nice! I also see
**** PPTP Haxdoor FOUND by this tool! ****
CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport
I don't know what the second part is.
Beyond that, my untrained eye isn't really sure what I'm looking for anyway, so here's the whole thing!
************************************************** **********************************
ISeeYouXP v2.0 Beta6
ISeeYouXP v1.3.0-v2.0 Beta6 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************** **********************************
Windows OS is:
Microsoft Windows XP [Version 5.1.2600]
It's Thu May 17, 2007 05:05:33 PM
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files
"C:\ISeeYouXP\"
change.log Apr 4 2007 3690 "change.log"
chodefix.bat Feb 21 2007 5214 "chodefix.bat"
egrep Dec 24 2004 35 "egrep"
fgrep Dec 24 2004 35 "fgrep"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Mar 31 2007 1114 "HideIT.bat"
iseeyo~1.bat Apr 7 2007 177450 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
ltime.exe Oct 28 1986 13184 "ltime.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
showit.bat Mar 31 2007 1055 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"
21 items found: 21 files, 0 directories.
Total of file sizes: 1,705,841 bytes 1.63 M
3 Dir(s) 56,363,982,848 bytes free
------------------------------------------------------------------------------------
System Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDDIE
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EDDIE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\Mpeg;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EDDIE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files
No matches found.
------------------------------------------------------------------------------------
SYSTEM.INI:
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[Windows]
load=
------------------------------------------------------------------------------------
WIN.INI:
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[WAOL]
Installed=
AppPath=C:\Program Files\America Online 9.0
SharedPath=C:\Program Files\Common Files\AOLSHARE
[Status]
State=Running
[ActiveScan]
ID = {24D13F07-97AD-4E3D-BF12-277AEA90BD0E}
[netsock]
netapi.dll-VREKDD26FS-32b2=5505820
netapi.dll-IZALEN0-312e=5505820
[FISApp]
CLSID=462025A221786122ED8F30
[RAD Video Tools]
Path=C:\Documents and Settings\Owner\Desktop\2\Digital Book
BinkComp= /d650000 /m3.0 /l4 /p8
BinkMix=
SmackComp= /n250000 /m3.0 /l104 /v8
SmackMix=/l104
BinkPlay=
SmackPlay=
BinkConv= /n-1
X=100
Y=100
W=526
H=392
LastVersionCheckDate=2007-04-12
[FoxyTunesWMP]
MessageBoxAnswer=0
------------------------------------------------------------------------------------
LOG for Microsoft Windows Malicious Software Removal Tool:
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Sat Feb 17 00:24:46 2007
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 17 00:25:03 2007
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Thu Mar 15 00:31:15 2007
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 00:31:29 2007
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Thu Apr 12 23:44:02 2007
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 23:44:18 2007
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Mon May 14 03:17:42 2007
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 14 03:18:56 2007
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\advanced
Hidden REG_DWORD 2 (0x2)
SuperHidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 1 (0x1)
************************************************** **********************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------
--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\internet settings\zonemap\domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\internet settings\zonemap\domains\msn.com
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
file REG_DWORD 3 (0x3)
@ivt REG_DWORD 1 (0x1)
shell REG_DWORD 0 (0x0)
----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\url\DefaultPrefix
<NO NAME> REG_SZ http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\url\Prefixes
ftp REG_SZ ftp://
gopher REG_SZ gopher://
home REG_SZ http://
mosaic REG_SZ http://
www REG_SZ http://
--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
UleadBurningHelper REG_DWORD 2 (0x2)
svcWRSSSDK REG_DWORD 2 (0x2)
RoxWatch REG_DWORD 2 (0x2)
RoxUpnpServer REG_DWORD 2 (0x2)
RoxUPnPRenderer REG_DWORD 3 (0x3)
RoxMediaDB REG_DWORD 3 (0x3)
RoxLiveShare REG_DWORD 2 (0x2)
AOL TopSpeedMonitor REG_DWORD 2 (0x2)
AOL ACS REG_DWORD 2 (0x2)
AFSEGTGF Windows Service REG_DWORD 2 (0x2)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup REG_SZ C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item REG_SZ Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\BigFix\BigFix.lnk
backup REG_SZ C:\WINDOWS\pss\BigFix.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\BigFix\BigFix.exe /atstartup
item REG_SZ BigFix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup REG_SZ C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\VPNCLI~1\vpngui.exe "-user_logon"
item REG_SZ Cisco Systems VPN Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-link AirPlus G DWL-G120 Wireless USB.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\D-link AirPlus G DWL-G120 Wireless USB\D-link AirPlus G DWL-G120 Wireless USB.lnk
backup REG_SZ C:\WINDOWS\pss\D-link AirPlus G DWL-G120 Wireless USB.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\D-LINK~1\120UTIL.exe
item REG_SZ D-link AirPlus G DWL-G120 Wireless USB
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKLM
command REG_SZ
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKCU
command REG_SZ
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AOL
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\America Online 9.0\AOL.EXE" -b
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AOLSP Scheduler
hkey REG_SZ HKLM
command REG_SZ "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ atiptaxx
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ccApp
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ zHotkey
hkey REG_SZ HKLM
command REG_SZ zHotkey.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ cmd32
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ehtray
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\ehome\ehtray.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ efsdfgxg
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\efsdfgxg.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AOLSoftware
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Common Files\AOL\1123358120\ee\AOLSoftware.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hpztsb07
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hphmon04
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\hphmon04.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hphupd04
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ cfgwiz
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mcagent
hkey REG_SZ HKLM
command REG_SZ c:\PROGRA~1\mcafee.com\agent\mcagent.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mcupdate
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ msmsgs
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ NeroCheck
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ PSDrvCheck
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ PlaxoHelper
hkey REG_SZ HKCU
command REG_SZ C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ qttask
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ RECGUARD
hkey REG_SZ HKLM
command REG_SZ %WINDIR%\SMINST\RECGUARD.EXE
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Remind_XP
hkey REG_SZ HKLM
command REG_SZ %WINDIR%\Creator\Remind_XP.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ PDVDServ
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ DrgToDsc
hkey REG_SZ HKLM
command REG_SZ "C:\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ RoxWatchTray
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run
key REG_SZ SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item REG_SZ services
hkey REG_SZ HKCU
command REG_SZ C:\WINDOWS\inet20099\services.exe
inimapping REG_SZ 1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySheriff
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SpySheriff
hkey REG_SZ HKCU
command REG_SZ C:\Program Files\SpySheriff\SpySheriff.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ UsrPrmpt
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StickIt
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ
hkey REG_SZ HKCU
command REG_SZ
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StickIt Note Launcher (Required to load StickIt notes on Windows startup)
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ StickItLauncher
hkey REG_SZ HKCU
command REG_SZ C:\Stickit\StickItLauncher.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ shwiconem
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Digital Media Reader\shwiconem.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ sunserver
hkey REG_SZ HKLM
command REG_SZ C:\CounterSpy\Consumer\sunserver.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ UrlLstCk
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Norton Internet Security\UrlLstCk.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ winstall
hkey REG_SZ HKCU
command REG_SZ C:\winstall.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ services
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\inet20099\services.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ MssCli
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
system.ini REG_DWORD 0 (0x0)
win.ini REG_DWORD 0 (0x0)
bootini REG_DWORD 0 (0x0)
services REG_DWORD 2 (0x2)
startup REG_DWORD 2 (0x2)
Senior Member
Reply With Quote
