C:\WINDOWS\Resources\Themes\Royale.theme →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 149 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ → →
< HOSTS File > →
→ Hosts file not found →
< Internet Explorer Settings > →
HKLM: Default_Page_URL → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKLM: Main\Default_Search_URL → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Start Page → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKCU: ProxyEnable → 0 →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] → Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] → %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] → McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 16:41:24 | Attr = ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] → %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] → BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 08/02/2007 06:04:02 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] → %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll → Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] → %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 02/03/2007 09:17:20 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] → %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll [Google Toolbar Notifier BHO] → Google Inc. [Ver = 2, 0, 301, 3558 | Size = 324536 bytes | Modified Date = 30/03/2007 20:54:44 | Attr = ]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] → %ProgramFiles%\Free Download Manager\iefdmcks.dll [FDMIECookiesBHO Class] → [Ver = | Size = 81920 bytes | Modified Date = 20/08/2006 19:55:00 | Attr = ]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] → %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] → SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 22/02/2005 13:50:34 | Attr = ]
{FBF2401B-7447-4727-BE5D-C19B2075CA84} [HKLM] → %ProgramFiles%\CallingID\Toolbar\CallingIDIE.dll [CallingID BHO] → CallingID Ltd. [Ver = 1.6.0.28 | Size = 276160 bytes | Modified Date = 04/05/2007 14:39:10 | Attr = ]
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] → %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] → McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 16:41:24 | Attr = ]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} [HKLM] → %ProgramFiles%\CallingID\Toolbar\CallingIDIE.dll [CallingID] → CallingID Ltd. [Ver = 1.6.0.28 | Size = 276160 bytes | Modified Date = 04/05/2007 14:39:10 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar2.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 02/03/2007 09:17:20 | Attr = R ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] → %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] → SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 22/02/2005 13:50:34 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ]
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → %ProgramFiles%\Java\jre1.5.0_04\bin\npjpi150_04.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 03/06/2005 04:09:54 | Attr = ]
{08E730A4-FB02-45BD-A900-01E4AD8016F6} → http:\www.skybroadband.com [ButtonText: Sky] → File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] → Reg Data - Key not found [MenuText: Reg Data - Value does not exist] → File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] → Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] → File not found
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters
{0B3F1897-8C71-4451-8BD7-0A2F1C3263C2} → (1394 Net Adapter) →
{0D9B2F1C-41CA-4A6D-95FD-252F78F9664C} → 192.168.0.1,195.40.1.36 (Intel(R) PRO/100 VE Network Connection) →
{4EEAAF6F-75B8-42A6-B72D-51DE395314DC} → () →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
siteadvisor → %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll → McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 16:41:24 | Attr = ]
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{166B1BCA-3F9C-11CF-8075-444553540000} → Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab →
{17492023-C23A-453E-A040-C7C580BBF700} → Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab →
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} → YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll →
{4E62C4DE-627D-4604-B157-4B7D6B09F02E} → AccountTracking Profile Manager Class - CodeBase = https://moneymanager.egg.com/Pinsafe/accounttracking.cab →
{5ED80217-570B-4DA9-BF44-BE107C0EC166} → Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab →
{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} → McUpdatePortalFactory Class - CodeBase = http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab →
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} → MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150904764953 →
{7F8C8173-AD80-4807-AA75-5672F22B4582} → ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37960.cab →
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab →
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} → Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab →
{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} → Logout Class - CodeBase = http://www.gamengame.com/KALogoutComponent.cab →
{E862C832-3A5F-4CEB-BFAA-167B22010A71} → InfosFinder2.InfosFinder - CodeBase = http://support.packardbell.com/files/activex/InfosFinder2.CAB →
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} → McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4965/mcfscan.cab →
[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} → →
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} → rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub →
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} → %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll →
{407408d4-94ed-4d86-ab69-a7f649d112ee} → %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf →
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} → “%ProgramFiles%\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install →
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} → rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT →
{5945c046-1e7d-11d1-bc44-00c04fd912be} → rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser →
{6BF52A52-394A-11d3-B153-00C04F79FAA6} → rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub →
{7790769C-0471-11d2-AF11-00C04FA35D02} → “%ProgramFiles%\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install →
{89820200-ECBD-11cf-8B85-00AA005B4340} → regsvr32.exe /s /n /i:U shell32.dll →
{89820200-ECBD-11cf-8B85-00AA005B4383} → C:\WINDOWS\system32\ie4uinit.exe -BaseSettings →
{89B4C1CD-B018-4511-B0A1-5476DBF70820} → C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install →
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} → C:\WINDOWS\system32\ieudinit.exe
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} → C:\WINDOWS\inf\unregmp2.exe /ShowWMP →
{26923b43-4d38-484f-9b9e-de460746276c} → C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig →
{60B49E34-C7CC-11D0-8953-00A0C90347FF} → RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP →
{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS → RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP →
{881dd1c5-3dcf-431b-b061-f3f88e8be88a} → %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE →
KB910393 → rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall →
< Approved Shell Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] → Reg Data - Key not found [Autoplay for SlideShow] → File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] → Reg Data - Key not found [Taskbar and Start Menu] → File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] → %System32%\nvshell.dll [Desktop Explorer] → [Ver = | Size = 466944 bytes | Modified Date = 11/08/2006 21:43:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] → %System32%\nvshell.dll [Desktop Explorer Menu] → [Ver = | Size = 466944 bytes | Modified Date = 11/08/2006 21:43:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] → %System32%\nvshell.dll [nView Desktop Context Menu] → [Ver = | Size = 466944 bytes | Modified Date = 11/08/2006 21:43:00 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509050} [HKLM] → %System32%\ShellExt\GMailFS.dll [GMail Drive] → Bjarke Viksoe [Ver = 1, 0, 0, 11 | Size = 292352 bytes | Modified Date = 13/03/2007 00:44:04 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509052} [HKLM] → %System32%\ShellExt\GMailFS.dll [GMailFS Property Sheet] → Bjarke Viksoe [Ver = 1, 0, 0, 11 | Size = 292352 bytes | Modified Date = 13/03/2007 00:44:04 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509054} [HKLM] → %System32%\ShellExt\GMailFS.dll [GMailFS Drop Handler] → Bjarke Viksoe [Ver = 1, 0, 0, 11 | Size = 292352 bytes | Modified Date = 13/03/2007 00:44:04 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509056} [HKLM] → %System32%\ShellExt\GMailFS.dll [GMailFS Context Menu] → Bjarke Viksoe [Ver = 1, 0, 0, 11 | Size = 292352 bytes | Modified Date = 13/03/2007 00:44:04 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] → Reg Data - Key not found [Display Panning CPL Extension] → File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] → Reg Data - Key not found [Shell extensions for file compression] → File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] → Reg Data - Key not found [User Accounts] → File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] → %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] → Nero AG [Ver = 2, 0, 0, 7 | Size = 1802240 bytes | Modified Date = 03/09/2005 13:58:22 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] → Reg Data - Key not found [Encryption Context Menu] → File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] → %System32%\hticons.dll [HyperTerminal Icon Ext] → Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} [HKLM] → %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.65 Context Menu Shell Extension] → e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 26/06/2006 02:06:50 | Attr = ]
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} [HKLM] → %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.65 Property Sheet Shell Extension] → e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 26/06/2006 02:06:50 | Attr = ]
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} [HKLM] → %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.65 DragDrop Shell Extension] → e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 26/06/2006 02:06:50 | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] → %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.65 Context Menu Shell Extension] → e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 26/06/2006 02:06:50 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] → %ProgramFiles%\PowerISO\PowerISOShell.dll [PowerISO] → PowerISO Computing, Inc. [Ver = 2, 6, 1, 1 | Size = 167936 bytes | Modified Date = 16/10/2005 02:16:12 | Attr = ]
{9F5B4B4B-415C-4E20-84A3-7DD47F62EFB7} [HKLM] → %ProgramFiles%\Remote Control Pro\rcpshellext.dll [RcpShellExt extension] → Alchemy Lab [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 28/04/2006 08:52:36 | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] → %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] → GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] → %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Find Extension] → GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 23/05/2007 23:02:22 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] → %System32%\nvcpl.dll [NvCpl DesktopContext Class] → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 11/08/2006 21:43:02 | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] → %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] → Nero AG [Ver = 2, 0, 0, 7 | Size = 1802240 bytes | Modified Date = 03/09/2005 13:58:22 | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] → %SystemDrive%\APPS\RecordNow\shlext.dll [RecordNow! SendToExt] → [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 19/11/2004 08:01:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] → %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] → RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 16/03/2007 17:53:34 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] → %System32%\nvcpl.dll [Play on my TV helper] → NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 11/08/2006 21:43:02 | Attr = ]
< BotCheck > →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultLaunchPermission →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineAccessRestriction →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM → Y →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{A50398B8-9075-4FBF-A7A1-456BF21937AD} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{AD65A69D-3831-40D7-9629-9B0B50A93843} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{0040D221-54A1-11D1-9DE0-006097042D69} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\System.EnterpriseServices.Thunk.dll → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirstRunDisabled → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. → →
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages → msv1_0; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Bounds →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages → kerberos;msv1_0;schannel;wdigest; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ImpersonatePrivilegeUpgradeToolHasRun → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaPid → 888 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\crashonauditfail → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\disabledomaincreds → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\everyoneincludesanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fullprivilegeauditing →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\limitblankpassworduse → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nolmhash → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymoussam → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages → scecli; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ProviderOrder → Windows NT Access Provider; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ProviderPath → %SystemRoot%\system32\ntmarta.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\Pattern → ä^`ªÛ”0芅éyÛä±8196dd68
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\GrafBlumGroup → ešÀ°Äž¬" →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\Lookup → 2žX6÷ →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\Auth132 → IISSUBA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ntlmminclientsec → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ntlmminserversec → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\SkewMatrix → ïY|DWu¾iñOcœæ →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\SSOURL → http://www.passport.com →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\Time → X|Àê!xÆ →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Name → Digest →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Comment → Digest SSPI Authentication Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Capabilities → 16464 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\RpcId → 65535 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\TokenSize → 65535 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Time →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Name → DPA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Comment → DPA Security Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Capabilities → 55 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\RpcId → 17 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\TokenSize → 768 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Time →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Name → MSN →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Comment → MSN Security Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Capabilities → 55 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\RpcId → 18 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\TokenSize → 768 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Time →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnService → Netman;WinMgmt; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Description → Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DisplayName → Windows Firewall/Internet Connection Sharing (ICS) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ImagePath → %SystemRoot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch → 8259 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ServiceDll → %SystemRoot%\System32\ipnathlp.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\SharedAutoDial → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%windir%\system32\sessmgr.exe → %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\waol.exe → C:\Program Files\AOL 9.0\waol.exe::Enabled:AOL 9.0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%windir%\Network Diagnostic\xpnetdiag.exe → %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\139:TCP → 139:TCP::Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\445:TCP → 445:TCP::Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\137:UDP → 137:UDP::Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\138:UDP → 138:UDP::Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%windir%\system32\sessmgr.exe → %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\StubInstaller.exe → D:\StubInstaller.exe::Enabled:LimeWire swarmed installer →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\LimeWire\LimeWire.exe → C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\aol.exe → C:\Program Files\AOL 9.0\aol.exe::Disabled:AOL →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe → C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe::Disabled:PANDORA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe → C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe::Disabled:SPLINTER CELL PANDORA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Mozilla Firefox\firefox.exe → C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\PC Tools AntiVirus\PCTAV.exe → C:\Program Files\PC Tools AntiVirus\PCTAV.exe::Enabled:PCTAV Module →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Outlook Express\msimn.exe → C:\Program Files\Outlook Express\msimn.exe::Enabled:Outlook Express →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\waol.exe → C:\Program Files\AOL 9.0\waol.exe::Disabled:AOL 9.0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MotoBlade\MotoBlade.exe → C:\Program Files\MotoBlade\MotoBlade.exe::Disabled:MotoBlade →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG Free\avgemc.exe → C:\Program Files\Grisoft\AVG Free\avgemc.exe::Disabled:avgemc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG Free\avginet.exe → C:\Program Files\Grisoft\AVG Free\avginet.exe::Disabled:avginet.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\firefly\stronghold2\Stronghold2.exe → D:\games\firefly\stronghold2\Stronghold2.exe::Disabled:Stronghold 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\Firefly Studios\Stronghold 2\Stronghold2.exe → D:\games\Firefly Studios\Stronghold 2\Stronghold2.exe::Disabled:Stronghold 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\TVUPlayer\TVUPlayer.exe → C:\Program Files\TVUPlayer\TVUPlayer.exe::Enabled:TVU Player Component →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UltraVNC\winvnc.exe → C:\Program Files\UltraVNC\winvnc.exe::Enabled:VNC server for Win32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%windir%\Network Diagnostic\xpnetdiag.exe → %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
Files\Remote Control Pro\RCPServer.exe → C:\Program Files\Remote Control Pro\RCPServer.exe::Enabled:Remote Control Pro →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Messenger\msmsgs.exe → C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Google\Google Talk\googletalk.exe → C:\Program Files\Google\Google Talk\googletalk.exe::Enabled:Google Talk →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\APPS\skype\phone\Skype.exe → C:\APPS\skype\phone\Skype.exe::Enabled:Skype →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\kdx\KHost.exe → C:\WINDOWS\kdx\KHost.exe::Enabled:Delivery Manager →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\KService\KService.exe → C:\Program Files\KService\KService.exe::Enabled:Delivery Manager Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\BearFlix\bearflix.exe → C:\Program Files\BearFlix\bearflix.exe::Enabled:BearFlix →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\Documents and Settings\Jamie\Desktop\utorrent.exe → D:\Documents and Settings\Jamie\Desktop\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Morpheus\Morpheus.exe → C:\Program Files\Morpheus\Morpheus.exe::Enabled:Morpheus →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\Documents and Settings\Jamie\Desktop\downloads\downloadp2p\utorrent.exe → D:\Documents and Settings\Jamie\Desktop\downloads\downloadp2p\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\uTorrent\utorrent.exe → C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\Firefly Studios\Stronghold Legends\StrongholdLegends.exe → D:\games\Firefly Studios\Stronghold Legends\StrongholdLegends.exe::Enabled:Stronghold Legends →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avginet.exe → C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgamsvr.exe → C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgcc.exe → C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgemc.exe → C:\Program Files\Grisoft\AVG7\avgemc.exe::Enabled:avgemc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8859:TCP → 8859:TCP::Enabled:BitComet 8859 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8859:UDP → 8859:UDP::Enabled:BitComet 8859 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\17430:TCP → 17430:TCP::Enabled:BitComet 17430 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\17430:UDP → 17430:UDP::Enabled:BitComet 17430 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\46422:TCP → 46422:TCP::Enabled:BitComet 46422 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\46422:UDP → 46422:UDP::Enabled:BitComet 46422 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ServiceUpgrade → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\All → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\0 → Root\LEGACY_SHAREDACCESS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath → %systemroot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\DisplayName → Automatic Updates →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Description → Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ServiceDll → C:\WINDOWS\system32\wuauserv.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\0 → Root\LEGACY_WUAUSERV\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Description → Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\DependOnService → RPCSS; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\DisplayName → Remote Registry →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ImagePath → %SystemRoot%\system32\svchost.exe -k LocalService →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ObjectName → NT AUTHORITY\LocalService →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Group → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start → 4 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\FailureActions →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ServiceDll → %SystemRoot%\system32\regsvc.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\0 → Root\LEGACY_REMOTEREGISTRY\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Type → 16 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start → 4 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ImagePath → C:\WINDOWS\system32\tlntsvr.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\DisplayName → Telnet →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\DependOnService → RPCSS;TCPIP;NTLMSSP; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Description → Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable → 0 →
< ControlSets > →
HKEY_LOCAL_MACHINE\SYSTEM\Select\ → →
HKEY_LOCAL_MACHINE\SYSTEM\Select\Current → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\Select\Default → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\Select\Failed → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\Select\LastKnownGood → 3 →
< Disabled MSConfig Services [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Avg7Alrt → →
Avg7UpdSvc → →
AVGEMS → →
CmdAgent → →
< Disabled MSConfig Folder Items[HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk → Reg Data - Value does not exist → File not found
D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk → Reg Data - Value does not exist → File not found
D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk → %System32%\WTablet\TabUserW.exe → Wacom Technology, Corp. [Ver = 4.84-6 | Size = 106496 bytes | Modified Date = 10/01/2005 12:03:28 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
SpeedTouch USB Diagnostics → Reg Data - Value does not exist → File not found
Ulead Photo Express Calendar Checker → %ProgramFiles%\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe → Ulead Systems, Inc. [Ver = 5,0,0,0 | Size = 69632 bytes | Modified Date = 12/01/2004 20:40:24 | Attr = ]
< Security Settings > →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirstRunDisabled → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ImagePath → %SystemRoot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName → Background Intelligent Transfer Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnService → RpcSs; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Description → Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\FailureActions →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ServiceDll → C:\WINDOWS\system32\qmgr.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\0 → Root\LEGACY_BITS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnService → Netman;WinMgmt; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Description → Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DisplayName → Windows Firewall/Internet Connection Sharing (ICS) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ImagePath → %SystemRoot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch → 8259 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ServiceDll → %SystemRoot%\System32\ipnathlp.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\SharedAutoDial → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%windir%\system32\sessmgr.exe → %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\waol.exe → C:\Program Files\AOL 9.0\waol.exe::Enabled:AOL 9.0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%windir%\Network Diagnostic\xpnetdiag.exe → %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\139:TCP → 139:TCP::Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\445:TCP → 445:TCP::Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\137:UDP → 137:UDP::Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\138:UDP → 138:UDP::Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%windir%\system32\sessmgr.exe → %windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\StubInstaller.exe → D:\StubInstaller.exe::Enabled:LimeWire swarmed installer →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\LimeWire\LimeWire.exe → C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\aol.exe → C:\Program Files\AOL 9.0\aol.exe::Disabled:AOL →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe → C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe::Disabled:PANDORA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe → C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe::Disabled:SPLINTER CELL PANDORA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Mozilla Firefox\firefox.exe → C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Mozilla Firefox →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\PC Tools AntiVirus\PCTAV.exe → C:\Program Files\PC Tools AntiVirus\PCTAV.exe::Enabled:PCTAV Module →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Outlook Express\msimn.exe → C:\Program Files\Outlook Express\msimn.exe::Enabled:Outlook Express →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\AOL 9.0\waol.exe → C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MotoBlade\MotoBlade.exe → C:\Program Files\MotoBlade\MotoBlade.exe::Disabled:MotoBlade →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG Free\avgemc.exe → C:\Program Files\Grisoft\AVG Free\avgemc.exe::Disabled:avgemc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG Free\avginet.exe → C:\Program Files\Grisoft\AVG Free\avginet.exe::Disabled:avginet.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\firefly\stronghold2\Stronghold2.exe → D:\games\firefly\stronghold2\Stronghold2.exe::Disabled:Stronghold 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\Firefly Studios\Stronghold 2\Stronghold2.exe → D:\games\Firefly Studios\Stronghold 2\Stronghold2.exe::Disabled:Stronghold 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\TVUPlayer\TVUPlayer.exe → C:\Program Files\TVUPlayer\TVUPlayer.exe::Enabled:TVU Player Component →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\UltraVNC\winvnc.exe → C:\Program Files\UltraVNC\winvnc.exe::Enabled:VNC server for Win32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%windir%\Network Diagnostic\xpnetdiag.exe → %windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Remote Control Pro\RCPServer.exe → C:\Program Files\Remote Control Pro\RCPServer.exe::Enabled:Remote Control Pro →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Messenger\msmsgs.exe → C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Google\Google Talk\googletalk.exe → C:\Program Files\Google\Google Talk\googletalk.exe::Enabled:Google Talk →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\APPS\skype\phone\Skype.exe → C:\APPS\skype\phone\Skype.exe::Enabled:Skype →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\kdx\KHost.exe → C:\WINDOWS\kdx\KHost.exe::Enabled:Delivery Manager →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\KService\KService.exe → C:\Program Files\KService\KService.exe::Enabled:Delivery Manager Service →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\BearFlix\bearflix.exe → C:\Program Files\BearFlix\bearflix.exe::Enabled:BearFlix →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\msnmsgr.exe → C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\MSN Messenger\livecall.exe → C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\Documents and Settings\Jamie\Desktop\utorrent.exe → D:\Documents and Settings\Jamie\Desktop\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Morpheus\Morpheus.exe → C:\Program Files\Morpheus\Morpheus.exe::Enabled:Morpheus →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\Documents and Settings\Jamie\Desktop\downloads\downloadp2p\utorrent.exe → D:\Documents and Settings\Jamie\Desktop\downloads\downloadp2p\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\uTorrent\utorrent.exe → C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\D:\games\Firefly Studios\Stronghold Legends\StrongholdLegends.exe → D:\games\Firefly Studios\Stronghold Legends\StrongholdLegends.exe::Enabled:Stronghold Legends →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avginet.exe → C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgamsvr.exe → C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgcc.exe → C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Grisoft\AVG7\avgemc.exe → C:\Program Files\Grisoft\AVG7\avgemc.exe::Enabled:avgemc.exe →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8859:TCP → 8859:TCP::Enabled:BitComet 8859 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8859:UDP → 8859:UDP::Enabled:BitComet 8859 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\17430:TCP → 17430:TCP::Enabled:BitComet 17430 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\17430:UDP → 17430:UDP::Enabled:BitComet 17430 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\46422:TCP → 46422:TCP::Enabled:BitComet 46422 TCP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\46422:UDP → 46422:UDP::Enabled:BitComet 46422 UDP →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ServiceUpgrade → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\All → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\0 → Root\LEGACY_SHAREDACCESS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ → →
[Files/Folders - Created Within 30 days]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 2147012608 bytes | Created Date = 01/01/1601 | Attr = HS]
VundoFix Backups → %SystemDrive%\VundoFix Backups → [Folder | Created Date = 23/05/2007 18:53:25 | Attr = ]
$NtUninstallKB927891$ → %SystemRoot%$NtUninstallKB927891$ → [Folder | Created Date = 22/05/2007 21:03:42 | Attr = H ]
$NtUninstallKB930916$ → %SystemRoot%$NtUninstallKB930916$ → [Folder | Created Date = 09/05/2007 08:47:56 | Attr = H ]
bw700.ini → %SystemRoot%\bw700.ini → [Ver = | Size = 13547 bytes | Created Date = 10/05/2007 07:20:10 | Attr = ]
BW7Dir.ini → %SystemRoot%\BW7Dir.ini → [Ver = | Size = 767 bytes | Created Date = 10/05/2007 07:32:56 | Attr = ]
LEXSTAT.INI → %SystemRoot%\LEXSTAT.INI → [Ver = | Size = 91 bytes | Created Date = 06/05/2007 17:33:15 | Attr = ]
QTFont.for → %SystemRoot%\QTFont.for → [Ver = | Size = 1409 bytes | Created Date = 16/05/2007 17:36:13 | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Created Date = 16/05/2007 17:36:13 | Attr = H ]
uninst.exe → %SystemRoot%\uninst.exe → InstallShield Corporation, Inc. [Ver = 2.20.926.0 | Size = 299520 bytes | Created Date = 06/05/2007 17:32:40 | Attr = ]
wowCP.ini → %SystemRoot%\wowCP.ini → [Ver = | Size = 286 bytes | Created Date = 28/04/2007 17:19:36 | Attr = ]
bwbits70.dll → %System32%\bwbits70.dll → [Ver = | Size = 1982464 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
bwnthook.dll → %System32%\bwnthook.dll → [Ver = | Size = 16896 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
bwntsend.dll → %System32%\bwntsend.dll → [Ver = | Size = 20992 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
bwplay.exe → %System32%\bwplay.exe → [Ver = | Size = 81920 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
GetHardDiskNo.dll → %System32%\GetHardDiskNo.dll → MaxSecure Software [Ver = 1.0.0.1 | Size = 143360 bytes | Created Date = 24/05/2007 16:12:52 | Attr = ]
LEX2KUSB.DLL → %System32%\LEX2KUSB.DLL → Lexmark International, Inc. [Ver = 9.37 | Size = 197120 bytes | Created Date = 06/05/2007 17:32:46 | Attr = ]
LEXBCE.DLL → %System32%\LEXBCE.DLL → Lexmark International, Inc. [Ver = 9.37 | Size = 147456 bytes | Created Date = 06/05/2007 17:32:46 | Attr = ]
LEXBCES.EXE → %System32%\LEXBCES.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Created Date = 06/05/2007 17:32:46 | Attr = ]
lexlmpm.dll → %System32%\lexlmpm.dll → Lexmark International, Inc. [Ver = 9.37 | Size = 200192 bytes | Created Date = 06/05/2007 17:32:46 | Attr = ]
LEXP2P32.DLL → %System32%\LEXP2P32.DLL → Lexmark International, Inc. [Ver = 9.37 | Size = 201216 bytes | Created Date = 06/05/2007 17:32:47 | Attr = ]
LEXPPS.EXE → %System32%\LEXPPS.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 174592 bytes | Created Date = 06/05/2007 17:32:47 | Attr = ]
lxbzpwr.dll → %System32%\lxbzpwr.dll → Lexmark International, Inc. [Ver = 1, 0, 1, 0 | Size = 73728 bytes | Created Date = 06/05/2007 17:32:47 | Attr = ]
patchw.dll → %System32%\patchw.dll → [Ver = | Size = 116736 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
patchw32.dll → %System32%\patchw32.dll → [Ver = | Size = 181760 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
tsccvid.dll → %System32%\tsccvid.dll → TechSmith Corporation [Ver = 1.0.5 | Size = 98304 bytes | Created Date = 10/05/2007 07:13:50 | Attr = ]
VchReg.dll → %System32%\VchReg.dll → Max Secure Software [Ver = 6, 0, 3, 6 | Size = 1019904 bytes | Created Date = 24/05/2007 16:12:52 | Attr = ]
zlib1.dll → %System32%\zlib1.dll → [Ver = 1.2.1 | Size = 55808 bytes | Created Date = 10/05/2007 07:13:39 | Attr = ]
avg7core.sys → %System32%\drivers\avg7core.sys → GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 23/05/2007 22:02:23 | Attr = ]
avg7rsw.sys → %System32%\drivers\avg7rsw.sys → GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 23/05/2007 22:02:25 | Attr = ]
avg7rsxp.sys → %System32%\drivers\avg7rsxp.sys → GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 23/05/2007 22:02:25 | Attr = ]
avgclean.sys → %System32%\drivers\avgclean.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 23/05/2007 22:02:26 | Attr = ]
avgmfx86.sys → %System32%\drivers\avgmfx86.sys → GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 23/05/2007 22:02:26 | Attr = ]
avgtdi.sys → %System32%\drivers\avgtdi.sys → GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 23/05/2007 22:02:26 | Attr = ]
[Files/Folders - Modified Within 30 days]
Downloads → %SystemDrive%\Downloads → [Folder | Modified Date = 24/05/2007 23:06:08 | Attr = ]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 2147012608 bytes | Modified Date = 27/05/2007 07:35:24 | Attr = HS]
My Downloads → %SystemDrive%\My Downloads → [Folder | Modified Date = 26/05/2007 23:24:38 | Attr = ]
Program Files → %ProgramFiles% → [Folder | Modified Date = 26/05/2007 21:14:14 | Attr = ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 24/05/2007 16:58:36 | Attr = HS]
VundoFix Backups → %SystemDrive%\VundoFix Backups → [Folder | Modified Date = 23/05/2007 19:53:26 | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 27/05/2007 07:36:04 | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 22/05/2007 22:03:38 | Attr = H ]
$NtUninstallKB927891$ → %SystemRoot%$NtUninstallKB927891$ → [Folder | Modified Date = 23/05/2007 14:28:18 | Attr = H ]
$NtUninstallKB930916$ → %SystemRoot%$NtUninstallKB930916$ → [Folder | Modified Date = 09/05/2007 09:47:58 | Attr = H ]
assembly → %SystemRoot%\assembly → [Folder | Modified Date = 24/05/2007 00:53:22 | Attr = R S]
BOC423.INI → %SystemRoot%\BOC423.INI → [Ver = | Size = 57536 bytes | Modified Date = 24/05/2007 01:49:06 | Attr = ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 27/05/2007 07:35:30 | Attr = S]
bw700.ini → %SystemRoot%\bw700.ini → [Ver = | Size = 13547 bytes | Modified Date = 10/05/2007 09:26:08 | Attr = ]
BW7Dir.ini → %SystemRoot%\BW7Dir.ini → [Ver = | Size = 767 bytes | Modified Date = 10/05/2007 09:26:06 | Attr = ]
Debug → %SystemRoot%\Debug → [Folder | Modified Date = 09/05/2007 09:48:08 | Attr = ]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 22/05/2007 22:35:12 | Attr = S]
Fonts → %SystemRoot%\Fonts → [Folder | Modified Date = 23/05/2007 23:22:14 | Attr = R S]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1917 bytes | Modified Date = 24/05/2007 00:14:28 | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 23/05/2007 14:28:16 | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 26/05/2007 21:14:18 | Attr = HS]
LEXSTAT.INI → %SystemRoot%\LEXSTAT.INI → [Ver = | Size = 91 bytes | Modified Date = 06/05/2007 18:33:16 | Attr = ]
NeroDigital.ini → %SystemRoot%\NeroDigital.ini → [Ver = | Size = 116 bytes | Modified Date = 27/05/2007 07:36:38 | Attr = ]
network diagnostic → %SystemRoot%\network diagnostic → [Folder | Modified Date = 24/05/2007 00:25:22 | Attr = ]
PREFETCH → %SystemRoot%\PREFETCH → [Folder | Modified Date = 27/05/2007 13:45:00 | Attr = ]
QTFont.for → %SystemRoot%\QTFont.for → [Ver = | Size = 1409 bytes | Modified Date = 16/05/2007 18:36:14 | Attr = ]
QTFont.qfn → %SystemRoot%\QTFont.qfn → [Ver = | Size = 54156 bytes | Modified Date = 17/05/2007 21:15:34 | Attr = H ]
Registration → %SystemRoot%\Registration → [Folder | Modified Date = 27/05/2007 07:37:46 | Attr = ]
system → %SystemRoot%\system → [Folder | Modified Date = 24/05/2007 17:13:10 | Attr = ]
system32 → %System32% → [Folder | Modified Date = 27/05/2007 07:36:08 | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 27/05/2007 07:38:40 | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 27/05/2007 13:45:52 | Attr = ]
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 742 bytes | Modified Date = 12/05/2007 22:39:12 | Attr = ]
wowCP.ini → %SystemRoot%\wowCP.ini → [Ver = | Size = 286 bytes | Modified Date = 29/04/2007 15:48:50 | Attr = ]
AppleSoftwareUpdate.job → %SystemRoot%\tasks\AppleSoftwareUpdate.job → [Ver = | Size = 282 bytes | Modified Date = 13/05/2007 15:08:38 | Attr = ]
Check Updates for Windows Live Toolbar.job → %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job → [Ver = | Size = 254 bytes | Modified Date = 27/05/2007 13:11:02 | Attr = ]
MP Scheduled Scan.job → %SystemRoot%\tasks\MP Scheduled Scan.job → [Ver = | Size = 330 bytes | Modified Date = 27/05/2007 12:00:12 | Attr = H ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 27/05/2007 07:35:38 | Attr = H ]
CatRoot → %System32%\CatRoot → [Folder | Modified Date = 23/05/2007 14:30:58 | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 27/05/2007 07:36:18 | Attr = ]
config → %System32%\config → [Folder | Modified Date = 23/05/2007 14:29:06 | Attr = ]
CONFIG.NT → %System32%\CONFIG.NT → [Ver = | Size = 2577 bytes | Modified Date = 23/05/2007 22:46:48 | Attr = ]
DirectX → %System32%\DirectX → [Folder | Modified Date = 16/05/2007 18:31:52 | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 23/05/2007 14:28:10 | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 26/05/2007 21:19:32 | Attr = ]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 275760 bytes | Modified Date = 24/05/2007 22:44:14 | Attr = ]
Lang → %System32%\Lang → [Folder | Modified Date = 06/05/2007 18:59:22 | Attr = ]
NtmsData → %System32%\NtmsData → [Folder | Modified Date = 24/05/2007 13:17:16 | Attr = ]
nvapps.xml → %System32%\nvapps.xml → [Ver = | Size = 0 bytes | Modified Date = 23/05/2007 08:07:14 | Attr = ]
Restore → %System32%\Restore → [Folder | Modified Date = 24/05/2007 16:58:36 | Attr = ]
tablet.dat → %System32%\tablet.dat → [Ver = | Size = 336 bytes | Modified Date = 27/05/2007 07:36:08 | Attr = ]
wbem → %System32%\wbem → [Folder | Modified Date = 23/05/2007 14:28:42 | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 26/05/2007 22:01:20 | Attr = ]
avg7core.sys → %System32%\drivers\avg7core.sys → GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 23/05/2007 23:02:24 | Attr = ]
avg7rsw.sys → %System32%\drivers\avg7rsw.sys → GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 23/05/2007 23:02:26 | Attr = ]
avg7rsxp.sys → %System32%\drivers\avg7rsxp.sys → GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 23/05/2007 23:02:26 | Attr = ]
avgclean.sys → %System32%\drivers\avgclean.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 23/05/2007 23:02:28 | Attr = ]
avgmfx86.sys → %System32%\drivers\avgmfx86.sys → GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 23/05/2007 23:02:28 | Attr = ]
avgtdi.sys → %System32%\drivers\avgtdi.sys → GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 23/05/2007 23:02:28 | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 22/05/2007 22:35:12 | Attr = ]
secdrv.sys → %System32%\drivers\secdrv.sys → Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 16/05/2007 09:05:18 | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX0 , → %SystemRoot%\RTLCPL.EXE → Realtek Semiconductor Corp. [Ver = 1.0.1.51 | Size = 9710592 bytes | Modified Date = 21/09/2005 15:23:42 | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 01/02/2007 05:56:06 | Attr = ]
Thawte Consulting , → %System32%\rmoc3260.dll → RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 16/03/2007 17:53:38 | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 10/08/2004 14:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , → %System32%\drivers\avg7core.sys → GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 23/05/2007 23:02:24 | Attr = ]
< End of report >
At last that took ages to cut and paste, is there a quicker way to have done so many posts than cut and paste?? Or should have I have done something to file to make it smaller. Sorry to forum owners for taking up so much valuable thread space, I can only hope it’s all been worth it
wee update. still having same issue, although I have made some progress. In my desperation to get my computer fixed and in the spirit of giving anything a bash I tried creating another administrators account. I then logged in to this account and hey presto everything starts up thats meant to start up??? What’s that all about? As I’ve run every spyware and malware and anti-virus program I could find and have found nothing do I just accept defeat on my main user setting and start afresh. Any ideas as to why on one setting, the original administrator setting, windows doesn’t seem to remember anything but on this new setting everything is ok. I’m baffled
Possibly the original avast! detection was a false-positive and deleted something involved in storing the settings for that administrator account? Just a guess really, but as the new admin account is working OK, you can simply delete the non-working admin account.
Did you run the rootkit scanners? I’ll let essexboy wade through the log he requested. If neither reveal anything, I’m pretty certain any problems you have are due to system error/corruption or a FP deletion of a critical component.
Did you run the TuneUp Utilities registry check?
In future please heed the advice about noting down the name of malware detected and moving any detected files into quarantine (the chest in avast!) as this would have saved a lot of trouble!
advice gladly taken, from now on I’ll pay much closer attention to whats happening on my computer. I had used every scanner available over the last few days and found nothing at all, in process of repeating all scans since discovered fix (hopefully) and just have to wait and see. cheers very much for your help one and all and I live in hope that no ones gonna come back and tell me that it’s not quite over yet.
And for anyone interested I have reinstalled avast av again, with avg install program waiting on the sidelines just incase.
well if ur OS files are corrupted beyond repair u can always repair us the window CD…
or if the data is too valuable then u can try recovering it from the disk
restoration.exe by brain kato
http://www.snapfiles.com/get/restoration.html
it works like magic…and does not require any installing…clean simply and effictive.as long as u did not write on them
Biggest winpfind I have come across so far, will take about an hour to analyse