Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
one of our home computers, (Dell desktop, xp media, IE 6.x) has a brower helper dll that is unidentified. I use spy sweeper to keep an eye on such things.
The file name is glmlfn.dll; spy sweeper shows the company name as unidentified.
A google search did not return any results.
the dll is located in windows/system32
IE 6.x tools/manage addons did not provide an useful information.

I did try to disable the addon from spy sweeper, and IE would not restart and threw and MFC library error... enabling the file again allowed IE to run correctly.

In addition to spy sweeper, the computer has the full McAffe suite of products, with current sweeps and definitions. Spy sweeper is run twice a day.

any thoughts, or advice would be appreciated.

thanks for your help

Brad A.
 

·
Banned
Joined
·
11,097 Posts
You could post a HijackThis log for a log Expert to look at.

Download Hijack This to your desktop open it and click on the Hijack.exe it will open and use the default path, check do you wish an Icon.......click on Icon and choose scan system and save a logfile usually in notepad.....copy and paste the logfile in your next post, using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #4 ·
the following is the log file suggested: (thanks again for the support) The only program open was IE (besides highjackthis.exe)

Logfile of HijackThis v1.99.1
Scan saved at 8:39:57 AM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alicia\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {eea48140-c023-4b8e-89e4-c0e65683c2f5} - C:\WINDOWS\system32\glmlfn.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: glmlfn - glmlfn.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 

·
Retired Moderator
Joined
·
84,301 Posts
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don’t do anything with it yet!

Click here for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #6 ·
Thanks again for the suggestions, I do appreciate you taking the time, below is the WinPfind scan logfile results:

WARNING: not all files found by this scanner are bad. Consult with a
knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can
ignore it. Windows sometimes displays this message due to the high volume of
disk I/O. As long as the hard disk light is flashing, the program is still
working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/3/2007 10:30:54 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Alicia\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/10/2004 5:00:00 AM 41397
C:\WINDOWS\SYSTEM32\dfrg.msc ()
WSUD 8/10/2004 5:00:00 AM 1200128
C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/10/2004 5:00:00 AM 708096
C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/10/2004 5:00:00 AM 257024
C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/10/2004 5:00:00 AM 657920
C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/10/2004 5:00:00 AM 1309184
C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files
within the last 60 days...
1/3/2007 10:29:30 AM S 2048
C:\WINDOWS\bootstat.dat ()
12/20/2006 7:43:34 PM RHS 104
C:\WINDOWS\system32\BED152FC09.sys ()
1/1/2007 1:44:16 PM HS 6686
C:\WINDOWS\system32\KGyGaAvL.sys ()
12/7/2006 8:30:20 PM S 9057
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat
()
11/8/2006 12:24:16 AM S 11671
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat
()
11/18/2006 1:05:18 AM S 22261
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925454.cat
()
1/3/2007 10:29:38 AM H 16384
C:\WINDOWS\system32\config\default.LOG ()
1/3/2007 10:29:50 AM H 1024
C:\WINDOWS\system32\config\SAM.LOG ()
1/3/2007 10:29:30 AM H 16384
C:\WINDOWS\system32\config\SECURITY.LOG ()
1/3/2007 10:30:18 AM H 77824
C:\WINDOWS\system32\config\software.LOG ()
1/3/2007 10:29:36 AM H 978944
C:\WINDOWS\system32\config\system.LOG ()
11/14/2006 8:04:10 PM S 558
C:\WINDOWS\system32\config\systemprofile\Application
Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD ()
11/14/2006 8:04:10 PM S 146
C:\WINDOWS\system32\config\systemprofile\Application
Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD ()
1/3/2007 10:28:08 AM H 6
C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/10/2004 5:00:00 AM 68608
C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 549888
C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 110592
C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
10/25/2005 1:00:00 AM 1019904
C:\WINDOWS\SYSTEM32\CMDVDPak.cpl (Sonic Solutions)
8/10/2004 5:00:00 AM 135168
C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 80384
C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 155136
C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 358400
C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 129536
C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 380416
C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728
C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/10/2004 5:00:00 AM 68608
C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/19/2003 5:48:12 PM 61555
C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems)
8/10/2004 5:00:00 AM 187904
C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 618496
C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 35840
C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 25600
C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 257024
C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 36864
C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 32768
C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 114688
C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
11/18/2004 10:02:36 AM 77824
C:\WINDOWS\SYSTEM32\PRApplet.cpl (Intel(R) Corporation)
4/8/2006 3:30:14 PM 24576
C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
11/16/2005 9:35:44 PM 159825
C:\WINDOWS\SYSTEM32\stac97.cpl (SigmaTel, Inc.)
8/10/2004 5:00:00 AM 298496
C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 28160
C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 94208
C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/10/2004 5:00:00 AM 148480
C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360
C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control -
CodeBase =
http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class -
CodeBase =
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase =
http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase =
http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/16/2005 4:43:08 AM HS 84 C:\Documents and
Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/16/2005 4:33:26 AM HS 62 C:\Documents and
Settings\All Users\Application Data\desktop.ini ()
1/1/2007 12:10:30 PM 6230 C:\Documents and
Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
8/16/2005 4:43:08 AM HS 84 C:\Documents and
Settings\Alicia\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/16/2005 4:33:26 AM HS 62 C:\Documents and
Settings\Alicia\Application Data\desktop.ini ()
11/13/2006 7:16:22 PM 3584 C:\Documents and
Settings\Alicia\Application Data\dvd.bmk ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>>Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.dell.com
\\Search Page -
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.dell.com
\\Default_Search_URL -
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://neopets.com/
\\Search Bar -
http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
\\Search Page -
http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
\\Default_Page_URL -
http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant -
http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook =
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>>BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper =
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems
Incorporated)
\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class =
c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll (McAfee, Inc.)
\{3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup
Blocker = c:\program files\mcafee.com\mps\popupkiller.dll (McAfee, Inc.)
\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - McAfee AntiPhishing Filter =
c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess =
C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - CBrowserHelperObject Object =
c:\Program Files\BAE\BAE.dll (Dell Inc.)
\{eea48140-c023-4b8e-89e4-c0e65683c2f5} - =
C:\WINDOWS\system32\glmlfn.dll ()

>>>Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day =
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com =
C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band =
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band =
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band =
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band =
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band =
%SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan =
c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address =
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address =
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links =
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program
files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar =
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8197
\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - 8193 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 = Windows Messenger

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = ()
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger =
C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>>Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension =
deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file
compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext =
C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess =
C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context
Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot
Software, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail =
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program
Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]

>>>Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} =
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\{CFC7205E-2792-4378-9591-3879CC6C9022} - =
c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} =
C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\{CFC7205E-2792-4378-9591-3879CC6C9022} - =
c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)

>>>Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>>Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
SigmatelSysTrayApp - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(ATI Technologies, Inc.)
DMXLauncher - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks,
Inc.)
MMTray - C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe (Musicmatch, Inc.)
ISUSPM Startup - C:\Program Files\Common
Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software
Corporation)
ISUSScheduler - C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe (InstallShield Software
Corporation)
VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
MSKDetectorExe - C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe (McAfee, Inc.)
DLA - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (McAfee Inc.)
MimBoot - C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe (Musicmatch, Inc.)
VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee,
Inc.)
MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security)
SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot
Software, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer,
Inc.)
Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album
6\MediaDetect.exe (Corel, Inc.)
MPSExe - c:\PROGRA~1\mcafee.com\mps\mscifapp.exe (McAfee, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer,
Inc.)
HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Hewlett-Packard Company)
HPDJ Taskbar Utility -
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
HP Software Update - C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe (Hewlett-Packard Company)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DellSupport - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe ()
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft
Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>>Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders\\Common Startup]
C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders\\Startup]
C:\Documents and Settings\Alicia\Start Menu\Programs\Startup\desktop.ini
()

>>>MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>>User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
\\SV1 -

>>>AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows\\AppInit_DLLs]

>>>Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File
Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>>Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} =
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} =
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
%SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} =
C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

>>>Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

>>>Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader =
%SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache
daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>>Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\glmlfn - glmlfn.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

>>>DNS Name Servers <<<
{56495BD0-C286-4E15-9EE0-15B1FDA1337B} - (Intel(R) PRO/100 VE Network
Connection)

>>>All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft
Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft
Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft
Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000002\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000003\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000004\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000005\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000006\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000007\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000008\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000009\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000010\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000011\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll
(Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll
(Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll
(Microsoft Corporation)
\000000000023\\PackedCatalogItem - CC:\WINDOWS\system32\mclsp.dll ()

>>>Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
(Hewlett-Packard Company)
\ipp - ()
\msdaipp - ()

>>>Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>>Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 

·
Retired Moderator
Joined
·
84,301 Posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\glmlfn.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
 
1 - 7 of 7 Posts
Status
Not open for further replies.
Top