Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP WITH MALWARE REMOVAL..not had any help yet! [RESOLVED]


  • This topic is locked This topic is locked

#1
shauninho

shauninho

    New Member

  • Member
  • Pip
  • 7 posts
PLS HELP, HAVE TRIED RUNNING SMITHFRAUD.EXE THEN AVG SCAN IN SAFEMODE, FOLLOWED ALL INSTRUCTIONS BUT THE PROBLEM IS STILL HAPPENING, MY HIJACK THIS LOG WILL FOLLOW BELOW...HOPE YOU CAN HELP ME, CHEERS

Edited by shauninho, 02 February 2008 - 06:14 PM.

  • 0

Advertisements


#2
shauninho

shauninho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HERE IS MY HIJACK THIS LOG AS PROMISED

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:39, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: DownloadMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Shaun\Application Data\DownloadMP3[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlhome.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.co...houseplayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Freeloader Monthly Subscription Service - Unknown owner - C:\Program Files\Common Files\Freeloader Shared\Service\Freeloader Monthly Subscription Service File.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.railsim-b...M/NMBS-MS96.jpg

--
End of file - 8695 bytes



PANDA ACTIVE SCAN RESULTS
Incident Status Location

Possible Virus. Not disinfected C:\$CTJTMP\Wizard.exe

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\rvexreyh.default\cookies.txt[.doubleclick.net/]
Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\system32\mi1.exe
Adware:Adware/SaveNow Not disinfected C:\WINDOWS\system32\mi2.exe



I AM STILL GETTING WEB PAGES OPENING WHEN I SURF..THE USUAL STUFF LIKE YOUR COMPUTER IS INFECTED SURELY THERE MUST BE A WAY TO SORT IT?!

Edited by shauninho, 02 February 2008 - 06:19 PM.

  • 0

#3
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hello shauninho and welcome to the G2G Malware forum. I don't see anything in the log. Can you give me some specifics on what the system is doing (or not doing) that would indicate any type of infection?

Cheers.

OT
  • 0

#4
shauninho

shauninho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oldtimer thanks for the response...the problem is, whenever I search the web either via IE7 or Firefox...about 50% of the time I go to a new website I get another window open with some company's ad. the new window is not a proper IE window as it does not open as a new window on IE7 and does not have the toolbars etc, however on the task bars at the bottom of the screen i see a new pop up which initially says "login.tracking..." and then reverts to the advertising company's name...I ran an AVG scan and it found 40 Adware cookies which I asked it to delete but it is stiall happening...do you need a screen dump or anything?

cheers
  • 0

#5
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi shauninho. Let's run a different scanner and see what we can find.

Before running the scan let's clean out the temporoary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
  • 0

#6
shauninho

shauninho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
thanks for the help OT,here is the log file

[code=auto:0]WinPFind35 logfile created on: 05/02/2008 21:03:32
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Shaun\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

503.52 Mb Total Physical Memory | 185.50 Mb Available Physical Memory | 36.84% Memory free
846.55 Mb Paging File | 590.25 Mb Available in Paging File | 69.72% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.23 Gb Total Space | 20.65 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-2C3NFA4CQP
Current User Name: Shaun
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
fws.exe -> %ProgramFiles%\Virgin Broadband\PCguard\fws.exe -> Radialpoint Inc. [Ver = 5.5.2.14234 | Size = 316920 bytes | Modified Date = 24/01/2007 18:53:22 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 27/09/2004 22:40:38 | Attr = ]
dvpapi.exe -> %CommonProgramFiles%\Command Software\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,129 | Size = 177688 bytes | Modified Date = 27/04/2007 18:07:52 | Attr = R ]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 07:56:56 | Attr = ]
uaservice7.exe -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 29/09/2007 15:13:06 | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 21/06/2005 16:48:18 | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 21/06/2005 16:44:34 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 13/04/2006 19:25:30 | Attr = ]
broadbandadvisor.exe -> %ProgramFiles%\Virgin Broadband\advisor\Broadbandadvisor.exe -> Virgin Broadband [Ver = 1.5.10.14211 | Size = 2037240 bytes | Modified Date = 24/01/2007 14:12:48 | Attr = ]
rps.exe -> %ProgramFiles%\Virgin Broadband\PCguard\Rps.exe -> Virgin Broadband [Ver = 5.5.2.14234 | Size = 275960 bytes | Modified Date = 24/01/2007 18:53:48 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
nclaunch.exe -> %SystemRoot%\NCLAUNCH.EXe -> Northern Codeworks [Ver = 1, 0, 0, 1591 | Size = 40960 bytes | Modified Date = 29/08/2004 22:15:20 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 03/07/2007 16:31:21 | Attr = ]
broadbandadvisorcomhandler.exe -> %ProgramFiles%\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe -> Radialpoint Inc. [Ver = 1.5.10.14211 | Size = 286720 bytes | Modified Date = 24/01/2007 14:04:08 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 31/01/2008 12:38:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 27/09/2004 22:40:38 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 07:56:48 | Attr = ]
(dvpapi) dvpapi [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Command Software\dvpapi.exe -> Authentium, Inc. [Ver = 4,94,107,129 | Size = 177688 bytes | Modified Date = 27/04/2007 18:07:52 | Attr = R ]
(Freeloader Monthly Subscription Service) Freeloader Monthly Subscription Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Freeloader Shared\Service\Freeloader Monthly Subscription Service File.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 18/03/2007 12:37:51 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 02:24:18 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
(RP_FWS) PCguard Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Virgin Broadband\PCguard\fws.exe -> Radialpoint Inc. [Ver = 5.5.2.14234 | Size = 316920 bytes | Modified Date = 24/01/2007 18:53:22 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 07:56:56 | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 29/09/2007 15:13:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXSENS.SYS -> Sensaura [Ver = 5.10.00.3513 | Size = 400384 bytes | Modified Date = 24/02/2004 09:08:52 | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5630 | Size = 626977 bytes | Modified Date = 01/07/2004 12:49:00 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %System32%\drivers\CdaC15BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 27/09/2004 22:40:34 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(CSS DVP) CSS DVP [Kernel | Auto | Running] -> %System32%\drivers\css-dvp.sys -> Authentium, Inc. [Ver = 4.94.107.426 | Size = 840352 bytes | Modified Date = 27/04/2007 17:49:12 | Attr = R ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SQCaptur.sys -> Service & Quality Technology. [Ver = 1.89.108.2 | Size = 30921 bytes | Modified Date = 10/01/2003 09:56:34 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 06:07:17 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 06:07:16 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 29/08/2002 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(Freedom) Freedom Miniport [Kernel | On_Demand | Running] -> %System32%\drivers\freedom.sys -> Zero-Knowledge Systems Inc. [Ver = 5.0.0.0 | Size = 33408 bytes | Modified Date = 24/09/2003 10:23:56 | Attr = ]
(FreeTdi) Radialpoint Filter (RPS-12798) [Kernel | Auto | Running] -> %System32%\drivers\FreeTdi.sys -> Radialpoint Inc. [Ver = 5.5.1.0 | Size = 54840 bytes | Modified Date = 11/01/2006 13:58:38 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 14:44:04 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 21/06/2005 17:12:34 | Attr = ]
(IdeBusDr) IdeBusDr [Kernel | Boot | Running] -> %System32%\drivers\IdeBusDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 13891 bytes | Modified Date = 14/10/2002 23:00:00 | Attr = ]
(IdeChnDr) Intel(R) Ultra ATA Controller [Kernel | Boot | Running] -> %System32%\drivers\IdeChnDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 101431 bytes | Modified Date = 14/10/2002 23:00:00 | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Modified Date = 04/08/2004 05:41:38 | Attr = ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 05:41:38 | Attr = ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Modified Date = 04/08/2004 05:41:40 | Attr = ]
(Parpaccsswd) Parpaccsswd [Kernel | Disabled | Stopped] -> %System32%\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Modified Date = 04/08/2004 05:29:29 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 29/08/2002 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.62a | Size = 20016 bytes | Modified Date = 19/05/2004 12:33:44 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RecAgent) RecAgent [Kernel | Boot | Running] -> %System32%\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Modified Date = 04/08/2004 06:41:40 | Attr = ]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.606.811.2003 built by: WinDDK | Size = 65280 bytes | Modified Date = 13/08/2003 13:27:22 | Attr = ]
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.612.0413.2004 built by: WinDDK | Size = 70144 bytes | Modified Date = 13/04/2004 18:14:12 | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 04/08/2004 05:31:32 | Attr = ]
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 05/06/2007 10:56:40 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Modified Date = 04/08/2004 05:41:42 | Attr = ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Modified Date = 04/08/2004 05:41:44 | Attr = ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Modified Date = 04/08/2004 05:41:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\sscdbus.sys -> MCCI [Ver = V4.24 | Size = 80272 bytes | Modified Date = 23/05/2005 06:27:00 | Attr = R ]
(sscdmdfl) SAMSUNG CDMA Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\sscdmdfl.sys -> MCCI [Ver = V4.24 | Size = 10864 bytes | Modified Date = 23/05/2005 06:27:00 | Attr = R ]
(sscdmdm) SAMSUNG CDMA Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\sscdmdm.sys -> MCCI [Ver = V4.24 | Size = 137884 bytes | Modified Date = 23/05/2005 06:27:00 | Attr = R ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(usbcm) USB Cable Modem 351000 NDIS Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbcm.sys -> Microsystems Corp [Ver = 1.10.35.1000 | Size = 13335 bytes | Modified Date = 11/04/2002 14:21:38 | Attr = R ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.722.000 | Size = 394872 bytes | Modified Date = 18/06/2006 16:54:58 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.14.10.3678 | Size = 120414 bytes | Modified Date = 23/09/2003 08:58:52 | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.14.10.3678 | Size = 96890 bytes | Modified Date = 23/09/2003 08:58:44 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 376912 bytes | Modified Date = 27/01/2003 17:16:58 | Attr = ]
Broadbandadvisor.exe -> %ProgramFiles%\Virgin Broadband\advisor\Broadbandadvisor.exe -> Virgin Broadband [Ver = 1.5.10.14211 | Size = 2037240 bytes | Modified Date = 24/01/2007 14:12:48 | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 21/06/2005 16:44:34 | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 21/06/2005 16:48:18 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
PCguard -> %ProgramFiles%\Virgin Broadband\PCguard\Rps.exe -> Virgin Broadband [Ver = 5.5.2.14234 | Size = 275960 bytes | Modified Date = 24/01/2007 18:53:48 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.29 | Size = 67584 bytes | Modified Date = 01/07/2004 16:23:32 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 13/04/2006 19:25:30 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
NCLaunch -> %SystemRoot%\NCLAUNCH.EXe -> Northern Codeworks [Ver = 1, 0, 0, 1591 | Size = 40960 bytes | Modified Date = 29/08/2004 22:15:20 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 03/07/2007 16:31:21 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 15:45:08 | Attr = R ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 21:05:26 | Attr = ]
%AllUsersStartup%\broadband medic.lnk -> %ProgramFiles%\ntl\broadband medic\bin\matcli.exe -> File not found
< Shaun Startup Folder > -> C:\Documents and Settings\Shaun\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 21/06/2005 16:44:12 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.virginmedia.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;localhost ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 03:16:42 | Attr = ]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Virgin Broadband\PCguard\pkR.dll [PopKill Class] -> Radialpoint Inc. [Ver = 5.5.2.14234 | Size = 49152 bytes | Modified Date = 24/01/2007 18:51:24 | Attr = ]
{56071E0D-C61B-11D3-B41C-00E02927A304} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Virgin Broadband\PCguard\FBHR.dll [ZKBho Class] -> Radialpoint Inc. [Ver = 5.5.2.14234 | Size = 135168 bytes | Modified Date = 24/01/2007 18:51:24 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 03/07/2007 16:31:21 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{D8073790-84C7-4602-BF77-C6ACBF1612E4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C}:Exec -> %UserAppData%\DownloadMP3[1].exe [DownloadMP3] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} [HKEY_LOCAL_MACHINE] -> %UserAppData%\DownloadMP3[1].exe [DownloadMP3] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{26A23255-D584-400B-85D3-9F78B785F847} -> () ->
{59366F90-AEF9-4001-8A73-D1D2FFC7CFD5} -> (USB Cable Modem 351000) ->
{69C00C86-B084-4447-ACEB-FE2819EE532C} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}[HKEY_LOCAL_MACHINE] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{231B1C6E-F934-42A2-92B6-C2FEFEC24276}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yucconfig.dll[Reg Error: Key does not exist or could not be opened.] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.truprint.co.uk/TruprintActivia.cab[Snapfish Activia] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://spaces.msn.com//PhotoUpload/MsnPUpld.cab[MSN Photo Upload Tool] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab[Windows Live Safety Center Base Module] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{62475759-9E84-458E-A1AB-5D2C442ADFDE}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] ->
{74E4A24D-5224-4F05-8A41-99445E0FC22B}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/qadummy7/gamehouseplayer.cab[GameHouse Games Player] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[MessengerStatsClient Class] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] ->
{B9191F79-5613-4C76-AA2A-398534BB8999}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/yab_af.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}[HKEY_LOCAL_MACHINE] -> http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[IWinAmpActiveX Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 07:56:43 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 07:56:43 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 04:37:50 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 07:56:44 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 07:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_M
  • 0

#7
shauninho

shauninho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
could not fit all on one page so here is rest of it!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 07:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 35971 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 07:56:42 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 07:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 12:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 07:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 10:59:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1483 | Size = 208941 bytes | Modified Date = 13/04/2006 19:25:39 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe -> C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe [C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe:*:Enabled:Links 2003] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 04/08/2004 07:56:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe -> C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe [C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe:*:Enabled:Skyworks Pin High Country Club Golf] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe -> C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe [C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE ®] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\funkitron\SCRABBLE\Scrabble.exe -> C:\Program Files\funkitron\SCRABBLE\Scrabble.exe [C:\Program Files\funkitron\SCRABBLE\Scrabble.exe:*:Enabled:SCRABBLE ®] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe -> C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe [C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe:*:Enabled:Projector Skeleton] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Media Player\wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player] -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 73728 bytes | Modified Date = 11/08/2004 00:45:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe -> C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe [C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe:*:Enabled:MetacafeNetworking] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe -> C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe [C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe:*:Disabled:Macromedia Projector] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe -> C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe [C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe -> C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe [C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe:*:Enabled:Feeding Frenzy] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe -> C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe [C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe:*:Enabled:Nickelodeon Game, powered by 3DGroove] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe -> C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe [C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe:*:Enabled:Nick Jr. game, powered by 3D Groove] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe -> C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe [C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe:*:Enabled:Nickelodeon Game, powered by 3DGroove] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe -> C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe [C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Enabled:BookWorm] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Eidos Interactive\CM4\cm4.exe -> C:\Program Files\Eidos Interactive\CM4\cm4.exe [C:\Program Files\Eidos Interactive\CM4\cm4.exe:*:Enabled:cm4] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe -> C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe [C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe:*:Disabled:PuzzleExpress] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MumboJumbo\TwistyTracks\tt.exe -> C:\Program Files\MumboJumbo\TwistyTracks\tt.exe [C:\Program Files\MumboJumbo\TwistyTracks\tt.exe:*:Enabled:Twisty Tracks] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPAGER.EXE -> C:\Program Files\Yahoo!\Messenger\YPAGER.EXE [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\yserver.exe -> C:\Program Files\Yahoo!\Messenger\yserver.exe [C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Super 1 Karting\Kart.exe -> C:\Program Files\Super 1 Karting\Kart.exe [C:\Program Files\Super 1 Karting\Kart.exe:*:Enabled:Kart] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\browser\ybrowser.exe -> C:\Program Files\Yahoo!\browser\ybrowser.exe [C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe -> C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe [C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe:*:Enabled:Football Manager 2005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire] -> FrostWire Group [Ver = 1.0.0.2 | Size = 114688 bytes | Modified Date = 08/12/2006 10:10:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IMApp.exe -> C:\Program Files\IncrediMail\bin\IMApp.exe [C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IncMail.exe -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\ImpCnt.exe -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 12:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe -> C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe [C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe:*:Disabled:Half-Life Launcher] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe -> C:\Program Files\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> Zhejiang University [Ver = 1.0.0.59 | Size = 2179072 bytes | Modified Date = 23/12/2007 23:02:06 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> www.sopcast.com [Ver = 2.0.4.1120 | Size = 1888256 bytes | Modified Date = 20/11/2007 06:57:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Shaun\Application Data\SopCast\adv\SopAdver.exe -> C:\Documents and Settings\Shaun\Application Data\SopCast\adv\SopAdver.exe [C:\Documents and Settings\Shaun\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> www.sopcast.com [Ver = 1, 1, 1, 0 | Size = 260944 bytes | Modified Date = 14/06/2007 20:08:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPStream\PPStream.exe -> C:\Program Files\PPStream\PPStream.exe [C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLive\PPLive.exe -> C:\Program Files\PPLive\PPLive.exe [C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVUPlayer\TVUPlayer.exe -> C:\Program Files\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> TVU Networks [Ver = 2.3.0.0 | Size = 495616 bytes | Modified Date = 17/11/2006 05:22:30 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Coolstreaming\coolstreaming.exe -> C:\Program Files\Coolstreaming\coolstreaming.exe [C:\Program Files\Coolstreaming\coolstreaming.exe:*:Enabled:coolstreaming] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPMate\ppmate.exe -> C:\Program Files\PPMate\ppmate.exe [C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPMate\ppmnet.exe -> C:\Program Files\PPMate\ppmnet.exe [C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Links 2003\LinksMod\LinksMMIII.exe -> C:\Program Files\Microsoft Games\Links 2003\LinksMod\LinksMMIII.exe [C:\Program Files\Microsoft Games\Links 2003\LinksMod\LinksMMIII.exe:*:Enabled:Links 2003] -> Microsoft Corporation [Ver = 2,10,02,041 | Size = 5197824 bytes | Modified Date = 08/02/2005 14:23:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008] -> Sports Interactive [Ver = 8.0 | Size = 33574912 bytes | Modified Date = 17/10/2007 14:28:09 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 15/01/2008 03:22:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll [139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll [445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll [137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll [138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{59366F90-AEF9-4001-8A73-D1D2FFC7CFD5} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{69C00C86-B084-4447-ACEB-FE2819EE532C} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B7FCC9EE-6250-4811-8AAE-56CA2E249C72} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 07:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 07:56:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 ->


[Files/Folders - Created Within 30 days]
143e76203d22bc31b4c73ee162 -> %SystemDrive%\143e76203d22bc31b4c73ee162 -> [Folder | Created Date = 18/01/2008 23:05:46 | Attr = ]
8ed0bc05c56da4acbe3c84c682c8a4 -> %SystemDrive%\8ed0bc05c56da4acbe3c84c682c8a4 -> [Folder | Created Date = 18/01/2008 23:05:16 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 528052224 bytes | Created Date = 31/01/2008 21:12:57 | Attr = HS]
HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 31/01/2008 22:02:59 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 02/02/2008 22:39:09 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 28/01/2008 19:21:14 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 28/01/2008 19:21:55 | Attr = ]
defensewall_serv.exe -> %System32%\defensewall_serv.exe -> SoftSphere Technologies [Ver = 2, 0, 8, 0 | Size = 86016 bytes | Created Date = 18/01/2008 22:21:43 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 28/01/2008 19:21:18 | Attr = ]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 163840 bytes | Created Date = 11/01/2008 18:52:30 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 28/01/2008 19:21:17 | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 10/01/2008 15:27:44 | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 10/01/2008 15:27:46 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 28/01/2008 19:21:18 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 28/01/2008 19:21:55 | Attr = ]
ActiveSkin.ini -> %SystemRoot%\ActiveSkin.ini -> [Ver = | Size = 375 bytes | Created Date = 18/01/2008 22:21:43 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 02/02/2008 19:13:28 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 31/01/2008 20:13:59 | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
[Files Created - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 02/02/2008 19:38:37 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 02/02/2008 19:38:13 | Attr = ]
kwikfit.doc -> %UserDocuments%\kwikfit.doc -> [Ver = | Size = 25088 bytes | Created Date = 14/01/2008 22:54:08 | Attr = ]
PRINCESS PARTY.ppt -> %UserDocuments%\PRINCESS PARTY.ppt -> [Ver = | Size = 19456 bytes | Created Date = 07/01/2008 16:07:29 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 02/02/2008 19:12:48 | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1612 bytes | Created Date = 02/02/2008 19:09:57 | Attr = ]
Worms Armageddon.lnk -> %AllUsersDesktop%\Worms Armageddon.lnk -> [Ver = | Size = 467 bytes | Created Date = 18/01/2008 21:33:13 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 05/02/2008 20:59:50 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478495 bytes | Created Date = 05/02/2008 20:58:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
broadband medic.lnk -> %AllUsersStartup%\broadband medic.lnk -> [Ver = | Size = 1783 bytes | Created Date = 31/01/2008 20:07:23 | Attr = ]

[Files/Folders - Modified Within 30 days]
143e76203d22bc31b4c73ee162 -> %SystemDrive%\143e76203d22bc31b4c73ee162 -> [Folder | Modified Date = 18/01/2008 23:05:47 | Attr = ]
2317fec072b0c0bae74cc7db -> %SystemDrive%\2317fec072b0c0bae74cc7db -> [Folder | Modified Date = 02/02/2008 22:37:30 | Attr = ]
8ed0bc05c56da4acbe3c84c682c8a4 -> %SystemDrive%\8ed0bc05c56da4acbe3c84c682c8a4 -> [Folder | Modified Date = 18/01/2008 23:05:16 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 31/01/2008 21:12:02 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 05/02/2008 20:40:02 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 15/11/2087 03:19:47 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 528052224 bytes | Modified Date = 05/02/2008 20:36:35 | Attr = HS]
HiJackThis.exe -> %SystemDrive%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 31/01/2008 22:03:02 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HiJackThis.exe:Zone.Identifier
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 02/02/2008 19:38:13 | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 05/02/2008 20:38:13 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 02/02/2008 23:54:28 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 02/02/2008 23:54:40 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 05/02/2008 00:07:48 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 02/02/2008 23:55:22 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 08/01/2008 20:41:55 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 03/02/2008 00:21:23 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 15/11/2087 00:11:59 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 02/02/2008 22:30:27 | Attr = ]
KMVIDC32.DLL -> %System32%\KMVIDC32.DLL -> [Ver = | Size = 47104 bytes | Modified Date = 14/01/2008 19:21:42 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 02/02/2008 22:30:27 | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 15:27:44 | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 15:27:46 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 02/02/2008 22:30:27 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 03/02/2008 00:05:50 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 05/02/2008 20:37:29 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 08/01/2008 20:38:59 | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
ActiveSkin.ini -> %SystemRoot%\ActiveSkin.ini -> [Ver = | Size = 375 bytes | Modified Date = 18/01/2008 22:21:43 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 02/02/2008 23:27:38 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 05/02/2008 20:36:40 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 05/02/2008 00:07:50 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 18/01/2008 21:33:42 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 08/01/2008 20:41:44 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 31/01/2008 21:40:13 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 05/02/2008 20:40:02 | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 14/01/2008 19:16:58 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 05/02/2008 21:01:14 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 31/01/2008 20:07:23 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 02/02/2008 19:13:28 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 05/02/2008 20:38:00 | Attr = H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 02/02/2008 23:54:27 | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 243 bytes | Modified Date = 31/01/2008 21:12:02 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 05/02/2008 20:39:47 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 05/02/2008 20:56:02 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 2082 bytes | Modified Date = 31/01/2008 21:12:02 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 02/02/2008 18:59:06 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 05/02/2008 20:36:49 | Attr = H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1304 bytes | Modified Date = 30/01/2004 22:50:15 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 05/02/2008 20:38:06 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5480 bytes | Modified Date = 05/02/2008 20:38:06 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8552 bytes | Modified Date = 30/01/2004 09:50:26 | Attr = ]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 1804 bytes | Modified Date = 10/03/2005 16:57:02 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 24/12/2003 21:14:15 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/02/2008 19:38:37 | Attr = ]
FrostWire -> %UserAppData%\FrostWire -> [Folder | Modified Date = 01/02/2008 22:20:06 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/02/2008 19:38:13 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 106496 bytes | Modified Date = 19/01/2008 20:36:27 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4843734 bytes | Modified Date = 05/02/2008 00:12:33 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 19/01/2008 03:48:08 | Attr = ]
CLARE -> %UserDocuments%\CLARE -> [Folder | Modified Date = 24/01/2008 21:55:44 | Attr = R ]
kwikfit.doc -> %UserDocuments%\kwikfit.doc -> [Ver = | Size = 25088 bytes | Modified Date = 14/01/2008 22:54:08 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 14/01/2008 19:17:10 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 14/01/2008 19:45:10 | Attr = R ]
PRINCESS PARTY.ppt -> %UserDocuments%\PRINCESS PARTY.ppt -> [Ver = | Size = 19456 bytes | Modified Date = 07/01/2008 16:07:30 | Attr = ]
Shaun -> %UserDocuments%\Shaun -> [Folder | Modified Date = 31/01/2008 21:05:51 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 02/02/2008 19:12:48 | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1612 bytes | Modified Date = 02/02/2008 19:09:57 | Attr = ]
Worms Armageddon.lnk -> %AllUsersDesktop%\Worms Armageddon.lnk -> [Ver = | Size = 467 bytes | Modified Date = 18/01/2008 21:33:13 | Attr = ]
More Great Games.lnk -> %UserDesktop%\More Great Games.lnk -> [Ver = | Size = 1585 bytes | Modified Date = 02/02/2008 12:07:17 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 05/02/2008 20:59:50 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478495 bytes | Modified Date = 05/02/2008 20:59:01 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Command Software -> %CommonProgramFiles%\Command Software -> [Folder | Modified Date = 02/02/2008 22:58:46 | Attr = ]
PestPatrol -> %CommonProgramFiles%\PestPatrol -> [Folder | Modified Date = 05/02/2008 20:40:00 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 02/02/2008 22:21:46 | Attr = ]

< End of report >
[/code]
  • 0

#8
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi shauninho. I don't see any signs of malware inthe WPF35 log either. If you find that it happens consistently with the same site it could be the site that is doing that. There are a few sites I go to that either popup ads or direct me to an ad when I initially go to the home page. It's the site's way of generating revenue.

There are a number of registry entires that point to nothing and should be cleaned out as a matter of housekeeping. Let's do that while you are here.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YN -> (Freeloader Monthly Subscription  Service) Freeloader Monthly Subscription  Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Freeloader Shared\Service\Freeloader Monthly Subscription  Service File.exe
[Driver Services - Non-Microsoft Only]
YN -> (SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys
[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{D8073790-84C7-4602-BF77-C6ACBF1612E4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C}:Exec -> %UserAppData%\DownloadMP3[1].exe [DownloadMP3]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} [HKEY_LOCAL_MACHINE] -> %UserAppData%\DownloadMP3[1].exe [DownloadMP3]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe -> C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe [C:\Program Files\Microsoft Games\Links 2003 Demo\LinksMMIII.exe:*:Enabled:Links 2003]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe -> C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe [C:\Program Files\Yahoo! Games\Yahoo! Pin High Country Club Golf\Course1.exe:*:Enabled:Skyworks Pin High Country Club Golf]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe -> C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe [C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE ®]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\funkitron\SCRABBLE\Scrabble.exe -> C:\Program Files\funkitron\SCRABBLE\Scrabble.exe [C:\Program Files\funkitron\SCRABBLE\Scrabble.exe:*:Enabled:SCRABBLE ®]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe -> C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe [C:\Program Files\Digital Fusion\Real Pool\Real Pool.exe:*:Enabled:Projector Skeleton]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe -> C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe [C:\Program Files\Metacafe\Networking\MetacafeNetworking.exe:*:Enabled:MetacafeNetworking]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe -> C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe [C:\Program Files\Skunk Studios\Gutterball 3D\gutterball3d.exe:*:Disabled:Macromedia Projector]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe -> C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe [C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe -> C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe [C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe:*:Enabled:Feeding Frenzy]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe -> C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe [C:\Program Files\Nickelodeon\Hey Arnold!\HA.exe:*:Enabled:Nickelodeon Game, powered by 3DGroove]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe -> C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe [C:\Program Files\Nick Jr\Dora's 3-D Driving Adventure\dorarace.exe:*:Enabled:Nick Jr. game, powered by 3D Groove]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe -> C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe [C:\Program Files\Nick Jr\Dora's 3-D Pyramid Adventure\Pyramid.exe:*:Enabled:Nickelodeon Game, powered by 3DGroove]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe -> C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe [C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Enabled:BookWorm]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Eidos Interactive\CM4\cm4.exe -> C:\Program Files\Eidos Interactive\CM4\cm4.exe [C:\Program Files\Eidos Interactive\CM4\cm4.exe:*:Enabled:cm4]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe -> C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe [C:\Program Files\iWin.com\Puzzle Express\PuzzleExpress.exe:*:Disabled:PuzzleExpress]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MumboJumbo\TwistyTracks\tt.exe -> C:\Program Files\MumboJumbo\TwistyTracks\tt.exe [C:\Program Files\MumboJumbo\TwistyTracks\tt.exe:*:Enabled:Twisty Tracks]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPAGER.EXE -> C:\Program Files\Yahoo!\Messenger\YPAGER.EXE [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\yserver.exe -> C:\Program Files\Yahoo!\Messenger\yserver.exe [C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Super 1 Karting\Kart.exe -> C:\Program Files\Super 1 Karting\Kart.exe [C:\Program Files\Super 1 Karting\Kart.exe:*:Enabled:Kart]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\browser\ybrowser.exe -> C:\Program Files\Yahoo!\browser\ybrowser.exe [C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe -> C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe [C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe:*:Enabled:Football Manager 2005]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IMApp.exe -> C:\Program Files\IncrediMail\bin\IMApp.exe [C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IncMail.exe -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\ImpCnt.exe -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe -> C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe [C:\Documents and Settings\Shaun\Shared\shauns music\PC Games - Half Life(2) full game\hl.exe:*:Disabled:Half-Life Launcher]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPStream\PPStream.exe -> C:\Program Files\PPStream\PPStream.exe [C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLive\PPLive.exe -> C:\Program Files\PPLive\PPLive.exe [C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Coolstreaming\coolstreaming.exe -> C:\Program Files\Coolstreaming\coolstreaming.exe [C:\Program Files\Coolstreaming\coolstreaming.exe:*:Enabled:coolstreaming]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPMate\ppmate.exe -> C:\Program Files\PPMate\ppmate.exe [C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPMate\ppmnet.exe -> C:\Program Files\PPMate\ppmnet.exe [C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate]
[Files/Folders - Modified Within 30 days]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot. If the finished message pops up, click the Ok button and Notepad will open with a log of actions taken during the fix. Otherwise, if the reboot message pops up, reboot.

If you did nto have to reboot, post the informaiton from Notepad back here. If you did need to reboot, open teh WinPFind35u folder and post the most current .log file in that folder.

I will review the information when it comes in.

Cheers.

OT
  • 0

#9
shauninho

shauninho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OT, for some reason the problem has gone away...my wife ran combofix whilst I was out at work as a friend of hers recommended it and now the pop ups have vanished...think it is sorted..thank you for your assistance it is really appreciated...
  • 0

#10
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi shauninho, glad to hear it. In that case, I will close this topic. If you have any new malware related issues in the future please start a new topic.

Cheers and Happy Computing!

OT
  • 0

#11
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP