# [Resolved] iexplore has caused an error in User EXE.



## LarryCRNA (Dec 27, 2002)

Having a problem with IE while entering information in boxes I get the error message Iexplore has caused an error in USER EXEC. closing out takes me out of IE and I can usually return but on several occassions the computer has shut down and restarted on its own or I get a screen with numbers on the whole screen and cannot do anything but shut down. I have searched for info and have changed my logon settings to Windows logon and removed the PWL file. Things seemed to be fine for a couple of days but it has returned. I noticed that the PWL file I removed is back. Any Suggestions.
Running ME, IE 6 Service pack 1 with Road Runner Cable Modem. All has been well since switching to Cable about a year ago. I have Zone Alarm Fire Wall Pro and Norton Anti Virus. I have used previous thred info in keeping computer clean Ie. Tmp files etc. ME has been running well for me. Clean Install. 

Thanks


----------



## Aaron.W (May 9, 2003)

Open the Internet Properties control panel.

Go to the Content tab and click the AutoComplete button.

Click the Clear Forms button. 

Click OK to close the AutoComplete config and then click OK to close the Internet Properties control.

Close all IE windows and open it again.

If that doesn't help go back and clear the passwords too.

If that still didn't help, go to the Add/Remove Programs Control Panel, scroll to the IE6 item, open it and choose "Repair Internet Explorer".


----------



## LarryCRNA (Dec 27, 2002)

Thanks Aaron for your reply. I have followed all your instructions and reset all internet settings. I have adaware and use it regularly but downloaded spybot and found quite a few spy's that adaware had not picked up. However this has not solved the error problem as it occurred while entering a web address just before coming to this site. I had to restart in order to get the browser to work.


----------



## Rollin' Rog (Dec 9, 2000)

If you disable autocomplete, does the error still occur? (Internet Options > Advanced > Uncheck, 'use inline autocomplete')

And have you cleared the History cache as well?

Here's a method for doing a thorough DOS cleanup of the History cache, but you will need a WinME boot disk.

In WinME, you must first boot to an a:> prompt using the WinME boot disk (accept 'minimal boot', cd-rom support is not needed)

At the a:> prompt first enter:

*c:
cd windows*

Then follow these instructions (remove the boot disk before entering 'exit' or ctrl-alt-del):

At the c:\windows\> prompt enter each bold line:

*smartdrv
deltree tempor~1
deltree temp
deltree history
deltree locals~1\tempor~1
exit*

(you may get an error message on this last one (locals~1), just skip to "exit" if you do, it just means you don't have that directory)

Enter smartdrv first or the process will take a very long time. For each deltree, confirm by entering 'y' if the target directory is correct.


----------



## LarryCRNA (Dec 27, 2002)

Rollin Rog

Thanks for your reply. Is my Windows ME Start up disk that I made after installing ME the same as a windows boot disk. I was under the impression that in ME the dos function could not be entered from the start up disk?? I am still having the error described after performing all previous recommendations.

Thanks
Larry


----------



## Rollin' Rog (Dec 9, 2000)

Yes, if you use your WinME boot disk and get to the a:> prompt you should be able to follow my instructions from there for WinME.

But do I understand correctly that you get this error even with autocomplete disabled? If so, I think something else is going on there. It would be helpful to see a post of the HijackThis Scanlog:

http://www.tomcoyote.org/hjt/


----------



## LarryCRNA (Dec 27, 2002)

Rollin'Rog

Yes, I have disabled Auto Complete. I tried to download HJT but I don't have Win-zip. Will purchase within the next few days and get back to you with the results. 

Thanks for your help!!


----------



## Rollin' Rog (Dec 9, 2000)

WinME has it's own built in unzipper, isn't it working?

http://support.microsoft.com/default.aspx?scid=kb;en-us;268859

You can get the "evaluation" version of Winzip, it does not expire and you just have to click through a 'nag' page when opening things. It's a good program.

http://www.winzip.com/ddchomea.htm


----------



## LarryCRNA (Dec 27, 2002)

OK

Here is the HJT log. Hope this is helpful.

Logfile of HijackThis v1.94.0
Scan saved at 10:13:48 PM, on 6/23/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://keyword.netscape.com/keyword/%s
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCBG] C:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-WATCH.EXE /min
O4 - HKCU\..\Run: [Adaware Bootup] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HotSync.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mpga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/WRActiveX/FileXfer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shopintuit.com/Executables/IE/IDA.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/roadrunner/meninblackII/install.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37600.6500694444
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

Thanks


----------



## Rollin' Rog (Dec 9, 2000)

Well I don't see anything there to really point a finger at.

The closest MS article to the error, and it has been reported to apply to user.exe as well, is this one:

http://support.microsoft.com/?kbid=221085

Obviously that is what we have been looking at, so it is doubly puzzling to see you report that the error can occur with Autocomplete disabled. I hope I'm not being out of place to ask that you confirm that it is indeed disabled, by reviewing the steps in the article.

However, let's try this. From Start>RUN, enter *regedit*

With IE closed, navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\*TypedURLs*

The key may be absent after deleting history. That's as it should be. Or the right pane may be empty, except perhaps for the default. You can right click on *TypedUrls* if present and delete it. Restarting IE and entering an address will recreate it.

If that doesn't help, I'm going to suggest two other things -- one is to proceed with the DOS deletion steps I gave -- and if that offers no resolution, to try a "clean boot".

Clean boot directions here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q267288

A third possible avenue, is to try a registry repair. In WinME this is accomplished by going to Start > Run and entering:

scanreg /fix

note the space after scanreg. A restart will be needed to complete the operation.


----------



## LarryCRNA (Dec 27, 2002)

Rollin' Rog

Went to Regedit found the Hkey but could not find TYPEDURLS. There was a folder named "AboutURLS." This did have 8 or nine entries on the right. Is this the same?? I did not delete as of yet. Also did registry repair, and rechecked autocomplete to make sure nothing was checked and it wasn't. I have recleared everything including History. There are 3 of us regularly on the internet so I should know soon whether these steps have worked. If not I will try the DOS cleanup and then CLEAN BOOT.


----------



## Rollin' Rog (Dec 9, 2000)

Hold da' phone, and My Apologies for being taken in by this, I hadn't seen it before and assumed (you know the old saying) it was related to NAV -- Norton Antivirus:

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL

Look for NavHelper in Add/Remove programs and remove from there. If absent, check and "fix" with HijackThis, and that should be the end of it.

http://www.doxdesk.com/parasite/NavExcel.html


----------



## LarryCRNA (Dec 27, 2002)

Rollin' Rog

Thanks. Found the bleepin parasite and removed it form Add/Remove. Will let you know what develops. 

Thanks for your help.

Larry


----------



## Rollin' Rog (Dec 9, 2000)

Great, it sure looks like the culprit, but I'll wait for your confirmation before marking this resolved.


----------



## LarryCRNA (Dec 27, 2002)

Rollin' Rog

It appears that the problem has been fixed. No complaints from my family and it has not occurred with me. This site, and you techs are great. My donation will follow.

Thanks


----------



## Rollin' Rog (Dec 9, 2000)

Good to hear Larry, you're most welcome -- and Tech Guy will appreciate the help here as well, so thanks for the support!


----------



## ablasen57 (Nov 11, 2003)

Thanks to Rollin' Rog for the tip on Navhelper. I haven't seen the problem since I removed that.


----------



## Baller (Nov 28, 2003)

Hy there,
I am having the same problems but do not have navhelper under add/remove programs. Can you help me?


----------



## Baller (Nov 28, 2003)

i also would like to know where is hijackthis


----------



## Baller (Nov 28, 2003)

Logfile of HijackThis v1.97.7
Scan saved at 5:31:21 PM, on 11/28/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
C:\PROGRAM FILES\RVP\BPC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
C:\WINDOWS\TVTMD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\WEATHERCAST\WEATHER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\PROGRAM FILES\SPYBLAST\SPYBLAST.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3ISYAZE6\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3ISYAZE6\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50039
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netins.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\kt2lawvu.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\MPZ300.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\SYSTEM\NETPAL.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_2_0.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O11 - Options group: [CommonName] CommonName
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002060602/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.4264699074
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_2_0.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=20034613
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {E2B2B5A1-B48C-4886-A318-723916A01024} (SBFullInst Control) - http://www.spyblast.com/download/SBFullWU.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/SS4J8106/screen.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = netins.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = netins.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 167.142.225.3,167.142.225.1


----------

