Lost Explorer.exe - Page 2

Question

PhilliePhan 171 Central Scrutinizer

13 Years Ago

PhilliePhan here is the log...

Actually, that is the contents of my batch file :)

Open a command prompt with task manager and type: C:\ExWin\RunThis.bat and hit ENTER.
The tool should run and a log will pop up.

I'll be back Sunday evening EST.

Hang in there!

PP:)

gerbil 216 Industrious Poster

13 Years Ago

There ya go, Trampaw. Before you know it, you'll be out of your truck and spending your life in front of a computer. Those local chicks [chooks] might then give you a new handle... Anyway...
Just for information [for anyone], you can start IE and pass it a file to display with this command as an example: Go Start, Run, and paste in...
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -k "d:\downloads\look.zip"
Then, rclicking Look.bat and choosing Open will give the notepad log as result. Windows has an inbuilt unzip application.
To exit press Alt F4
Note... don't run that example, Trampaw, because you did not save Look.zip to the location I gave in that command. You would probably run something like...
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -k "%homepath%\my documents\downloads\look.zip"
...but I'm guessing...

Edited 13 Years Ago by gerbil because: n/a

PhilliePhan 171 Central Scrutinizer

13 Years Ago

OMG.... OMG... Whatever you guys had me do worked. I have my desktop back and no longer have to navigate with task manager....

Great!

You were missing C:\Windows\Explorer.exe, as shown in the first log.
Running ExWin restored it for you - just copied it from ServicePackFiles..... Simple as that.

Cheers :)
PP

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

TRAMPAW 0 Newbie Poster · Answer 1 · 2011-02-27T11:38:02+00:00

Sorry caperjack my friend... Wasn't trying to be an ass.

PhilliePhan here is the log...

<snip>

And I downloaded the look file to MyDocuments and I dont know the command prompt to find it. I am sorry. I am an old man :-) when I open it through task manager, I can't right click on it.

TRAMPAW 0 Newbie Poster · Answer 2 · 2011-02-27T12:12:08+00:00

OK... Finaly got the look file to work. I didnt have a unzip program. Now I do... LMAO
Here ya go...

Microsoft Windows XP [Version 5.1.2600]
Sun 02/27/2011 
01:02 AM



 Volume in drive C has no label.
 Volume Serial Number is D076-5EE7

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008  05:42 AM         1,033,728 explorer.exe
               1 File(s)      1,033,728 bytes

     Total Files Listed:
               1 File(s)      1,033,728 bytes
               0 Dir(s)  24,925,212,672 bytes free


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="NC6220"
"DefaultUserName"="HP"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
  00,00,00
"LogonType"=dword:00000001
"Background"="0 0 0"
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="HP"
"AltDefaultDomainName"="NC6220"
"ChangePasswordUseKerberos"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx 0"=""
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
  00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
  70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,34,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,35,00,00,00
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,36,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,37,00,00,00
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,38,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@="Internet Explorer User Accelerators"
"DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
  00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,31,00,00,00
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,32,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,34,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
  00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\
  00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\
  2e,00,64,00,6c,00,6c,00,00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,36,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
  00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
  74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
  00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
  6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
  00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@="Internet Explorer Machine Accelerators"
"DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,38,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,39,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,30,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,31,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=hex(2):67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
  00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,00,00,00
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"Asynchronous"=dword:00000001
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
  00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallEvent"="1.9.0040.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@=""
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
  00,00,48,14,81,fb,5a,83,4a,44,ba,39,e5,92,52,30,76,86,04,00,00,00,04,00,00,\
  00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,35,11,48,d1,05,15,51,e9,\
  9c,a8,3a,80,93,da,e9,26,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,23,\
  63,40,cb,c4,94,01,1a,bb,87,54,6a,14,41,91,92,b8,01,00,00,a3,09,cf,1a,a2,90,\
  07,f6,49,db,b1,57,b3,2b,16,86,f4,62,29,1d,dc,86,6c,3b,66,7b,12,8d,51,00,c7,\
  6d,c4,c6,47,81,f1,a6,fe,80,b3,c8,35,51,91,45,38,c1,ee,81,14,f5,a4,7d,6e,5d,\
  4d,ef,84,43,ee,90,41,83,69,6b,1a,91,33,b0,3a,c7,34,a0,8e,d4,59,0b,fe,a5,ed,\
  69,c9,bb,e8,f9,2f,e8,19,ec,11,43,96,49,a7,b2,04,7b,46,81,1d,2f,89,3e,f0,b8,\
  7a,29,42,67,a8,73,c1,29,70,f5,cf,cd,1a,1e,cd,c0,cb,e5,60,92,4c,de,22,40,51,\
  88,72,c6,c5,de,92,70,f2,12,6f,4f,44,52,8c,52,6b,e2,e9,5f,d1,35,a8,74,4d,20,\
  83,9d,0d,3d,7d,2a,34,fd,a7,a4,f2,92,87,27,d5,05,64,ac,ed,cf,9c,45,dd,ed,27,\
  e7,09,2d,92,36,57,96,dd,74,62,3d,55,2d,f0,77,ac,66,0a,9d,16,7f,80,22,a0,59,\
  fd,7c,2e,8f,01,9b,fc,90,8a,ec,5b,8d,d4,45,9f,51,0d,d9,48,e7,ee,76,a7,c1,47,\
  81,dc,38,e8,6f,9e,20,6a,90,b4,29,ae,b8,f8,20,0b,ae,1b,e7,9d,dc,1e,1b,1c,36,\
  cc,8d,15,b4,47,c5,8e,bd,b5,8d,59,ca,a2,48,f6,e0,1f,94,fd,fa,0a,4d,1c,25,7c,\
  ed,e0,9b,8f,20,ae,cb,49,f2,c0,ca,81,3d,3e,6a,09,24,83,57,00,e4,92,f3,04,09,\
  e3,73,41,39,a2,5d,e0,4f,14,af,9c,32,0c,95,c4,aa,9c,99,de,07,9b,a4,3d,bd,36,\
  59,f3,02,1c,40,d4,6c,d0,68,a5,f6,95,0a,5b,9a,db,20,bf,23,f4,e6,ea,1a,b2,e4,\
  e3,0e,cf,ed,29,8e,1b,f8,d5,42,20,ce,f9,22,3a,8b,69,9d,4b,cc,50,de,41,0b,28,\
  11,7f,a7,4d,0c,80,e0,b5,12,06,f9,2e,b8,6f,ed,ae,76,e3,07,7f,4c,3d,f2,49,8d,\
  43,64,08,f2,31,f2,d6,97,72,a0,74,9e,75,b4,9f,81,26,43,5a,51,14,ff,01,ce,e3,\
  d2,d3,0a,91,4c,45,76,ca,43,14,00,00,00,17,e3,15,dc,fd,2a,11,b3,2c,a7,27,73,\
  db,42,35,b3,2d,07,39,71

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini]
"boot.description"="SYS:Microsoft\\Windows NT\\CurrentVersion\\WOW\\boot.description"
"drivers"="#SYS:Microsoft\\Windows NT\\CurrentVersion\\drivers"
"drivers32"="SYS:Microsoft\\Windows NT\\CurrentVersion\\Drivers32"
"keyboard"="SYS:Microsoft\\Windows NT\\CurrentVersion\\WOW\\keyboard"
"MCI"="SYS:Microsoft\\Windows NT\\CurrentVersion\\MCI"
"MCI32"="SYS:Microsoft\\Windows NT\\CurrentVersion\\MCI32"
"msacm.drv"="USR:Software\\Microsoft\\Multimedia\\Sound Mapper"
"NonWindowsApp"="SYS:Microsoft\\Windows NT\\CurrentVersion\\WOW\\NonWindowsApp"
"standard"="SYS:Microsoft\\Windows NT\\CurrentVersion\\WOW\\standard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
@="SYS:Microsoft\\Windows NT\\CurrentVersion\\WOW\\boot"
"ScreenSaverActive"="USR:Control Panel\\Desktop"
"ScreenSaverIsSecure"="USR:Control Panel\\Desktop"
"SCRNSAVE.EXE"="USR:Control Panel\\Desktop"
"Shell"="SYS:Microsoft\\Windows NT\\CurrentVersion\\Winlogon"

TRAMPAW 0 Newbie Poster · Answer 3 · 2011-02-27T12:17:41+00:00

And here is the run this log...
PLEASE POST THIS LOG AND THEN REBOOT THE COMPUTER

Microsoft Windows XP [Version 5.1.2600]
Sun 02/27/2011
01:11 AM

### Current Winlogon Shell Value ###
Shell REG_SZ Explorer.exe

### Looking for nt.dll ###

!!!!File NOT Found!!!!

### Looking For C:\WINDOWS\system32\dll ###

!!!!File NOT Found!!!!

C:\WINDOWS\System32\winlogon.exe BUILTIN\Users:R
BUILTIN\Power Users:C
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 507,904 winlogon.exe
1 File(s) 507,904 bytes

Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 507,904 winlogon.exe
1 File(s) 507,904 bytes

Total Files Listed:
2 File(s) 1,015,808 bytes
0 Dir(s) 24,922,202,112 bytes free

ed0ef0a136dec83df69f04118870003e c:\windows\servicepackfiles\i386\winlogon.exe
ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe

0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\explorer.exe BUILTIN\Users:R
BUILTIN\Power Users:C
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
NC6220\HP:F

Directory of C:\WINDOWS

04/14/2008 05:42 AM 1,033,728 explorer.exe
1 File(s) 1,033,728 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 1,033,728 explorer.exe
1 File(s) 1,033,728 bytes

Directory of C:\WINDOWS\system32\dllcache

04/14/2008 05:42 AM 1,033,728 explorer.exe
1 File(s) 1,033,728 bytes

Total Files Listed:
3 File(s) 3,101,184 bytes
0 Dir(s) 24,921,014,272 bytes free

12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
12896823fb95bfb3dc9b46bcaedc9923 c:\windows\servicepackfiles\i386\explorer.exe
12896823fb95bfb3dc9b46bcaedc9923 c:\windows\system32\dllcache\explorer.exe

0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\explorer.exe

0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\ServicePackFiles\i386\explorer.exe

0x00000000 Microsoft Windows Component Publisher C:\WINDOWS\system32\dllcache\explorer.exe

### New Winlogon Shell Value ###
Shell REG_SZ Explorer.exe

TRAMPAW 0 Newbie Poster · Answer 4 · 2011-02-27T12:45:09+00:00

OMG.... OMG... Whatever you guys had me do worked. I have my desktop back and no longer have to navigate with task manager. I also have my desktop icons back. And I didnt lose a thing that I know of. I will let you all know if this is a complete fix when u can help me make sure I am not delusional here.

TRAMPAW 0 Newbie Poster · Answer 5 · 2011-03-02T10:43:27+00:00

Yup... I figured there was a program out there that could solve this mystery. Thanks for all the help out there. I have found explorer.exe and the other missing files. Big thumbs up!!!!

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 6 · 2011-03-02T11:20:20+00:00

PhilliePhan 171 Central Scrutinizer

13 Years Ago

Thanks for all the help out there....

You're welcome! :)

yashsaxena -1 Light Poster · Answer 7 · 2011-03-08T10:23:36+00:00

hey nice information by all users specially gerbil (thank u very much . . .)