Downloader Virus, vmmdiag32.exe help

OK, want to try and find some more services info.

Download the following file from here:
Getservice

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post. It's going to be huge, so may take up a couple of posts due to character limitations.

 

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Automatic LiveUpdate Scheduler
Manages the scheduling of Automatic LiveUpdate sessions
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic LiveUpdate Scheduler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Uses idle network bandwidth to transfer data.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Event propagation and logging service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccISPwdSvc
User account management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Norton Internet Security\ccPwdSvc.exe "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Internet Security Password Validation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccProxy
Symantec Proxy Service
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe "
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Proxy
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Settings storage and management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: comHost
COM aggregation host service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Norton Internet Security\comHost.exe "
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : COM Host
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dcfssvc
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\drivers\dcfssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Dcfssvc
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

 

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InstallDriver Table Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPodService
iPod hardware management services
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\iPod\bin\iPodService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPodService
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : LiveUpdate
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: MDM
Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

 

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Auto-Protect Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NSCService
Norton Console Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton Protection Center Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Driver Helper Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PictureTaker
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\PCTKRNT.SYS
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PictureTaker
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe "
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AVScan
DEPENDENCIES : SAVRT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe "
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SPBBCSvc
Symantec SPBBC
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe "
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec SPBBCSvc
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{6A104D15-C7BF-44ED-A3AB-2C68B37A3EBC}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe "
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Core LC
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: uploadmgr
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

 

Do I win a prize?


Seriously, thanks for all your work on this.

 

Sorry to say, that services log didn't give me any clues.

And no, you don't get a prize!!

Lets try another scanning tool to see what it shows me if anything.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.

• Open the folder and double-click on winpfind2.exe to start the program.
• Keep the standard settings and then in the AddOn-Options box click the checkbox for
  • HKCU_IEDesktop.def
  • Policies.def
  to select it.
• Under File Options click Select All
• Under Other Options put a check to both Show All boxes
• Please maximize the window in order to be able to view the Status Bar.
• Now click the Run All Scans button on the toolbar.
• When the scans are complete click the Extended Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

 

The link isn't working. File not found.

 

Oppps.....here ya go, sorry about that:
http://download.bleepingcomputer.com/oldtimer/winpfind2.exe

 

Logfile created on: 11/14/2006 7:51:29 AM
WinPFind2 by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\Brad Rabideau\Desktop\WinPFind2\
Microsoft Windows XP (Version = )
Internet Explorer (Version - 6.0.2600.0000)


[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)

smss.exe-----------------000612-----0003----------000004-----Normal---------
#\systemroot\system32\smss.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 45568 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

csrss.exe----------------000680-----0013----------000612-----Normal---------
#\??\c:\windows\system32\csrss.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4096 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

winlogon.exe-------------000704-----0017----------000612-----High-----------
#\??\c:\windows\system32\winlogon.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 430080 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

services.exe-------------000748-----0018----------000704-----Normal---------
#c:\windows\system32\services.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

lsass.exe----------------000760-----0020----------000704-----Normal---------
#c:\windows\system32\lsass.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11776 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

svchost.exe--------------000940-----0010----------000748-----Normal---------
#c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS]
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(RpcSs) C:\WINDOWS\system32\rpcss.dll
##(Microsoft Corporation [Ver = 5.1.2600.135 (xpclnt_qfe.021108-2107) | Size = 214528 bytes | Date = 3/5/2004 8:05:16 PM | Attr = ])

svchost.exe--------------001052-----0061----------000748-----Normal---------
#c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS]
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(AppMgmt) C:\WINDOWS\System32\appmgmts.dll
##(File not found)

----------------------------------------------------------------------------
#(AudioSrv) C:\WINDOWS\System32\audiosrv.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 37888 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(BITS) C:\WINDOWS\System32\qmgr.dll
##(Microsoft Corporation [Ver = 6.6.2600.1569 (xpsp2_gdr.040517-1325) | Size = 361984 bytes | Date = 7/1/2004 4:08:18 PM | Attr = ])

----------------------------------------------------------------------------
#(Browser) C:\WINDOWS\System32\browser.dll
##(Microsoft Corporation [Ver = 5.1.2600.105 (xpclnt_qfe.021108-2107) | Size = 48640 bytes | Date = 3/29/2004 7:25:40 PM | Attr = ])

----------------------------------------------------------------------------
#(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 51200 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 98816 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(dmserver) C:\WINDOWS\System32\dmserver.dll
##(Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(ERSvc) C:\WINDOWS\System32\ersvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 17408 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(EventSystem) C:\WINDOWS\System32\es.dll
##(Microsoft Corporation [Ver = 2001.12.4414.53 | Size = 226816 bytes | Date = 3/5/2004 8:05:04 PM | Attr = ])

----------------------------------------------------------------------------
#(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 114688 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
##(File not found)

----------------------------------------------------------------------------
#(HidServ) C:\WINDOWS\System32\hidserv.dll
##(File not found)

----------------------------------------------------------------------------
#(lanmanserver) C:\WINDOWS\System32\srvsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 87040 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.121 (xpclnt_qfe.021108-2107) | Size = 119808 bytes | Date = 10/21/2003 4:42:58 PM | Attr = ])

----------------------------------------------------------------------------
#(Messenger) C:\WINDOWS\System32\msgsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.121 (xpclnt_qfe.021108-2107) | Size = 32256 bytes | Date = 10/21/2003 4:42:58 PM | Attr = ])

----------------------------------------------------------------------------
#(Netman) C:\WINDOWS\System32\netman.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 147968 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(Nla) C:\WINDOWS\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll
##(Microsoft Corporation [Ver = 5.1.2400.1 | Size = 392192 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(RasAuto) C:\WINDOWS\System32\rasauto.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 82944 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(RasMan) C:\WINDOWS\System32\rasmans.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 159744 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(RemoteAccess) C:\WINDOWS\System32\mprdim.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(Schedule) C:\WINDOWS\system32\schedsvc.dll
##(Microsoft Corporation [Ver = 4.71.2600.1 (xpclient.010817-1148) | Size = 158720 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(seclogon) C:\WINDOWS\System32\seclogon.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 20992 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(SENS) C:\WINDOWS\system32\sens.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 35840 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll
##(Microsoft Corporation [Ver = 5.1.2600.137 (xpclnt_qfe.021108-2107) | Size = 454656 bytes | Date = 3/29/2004 7:25:44 PM | Attr = ])

----------------------------------------------------------------------------
#(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 114688 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(srservice) C:\WINDOWS\System32\srsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 155136 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(TapiSrv) C:\WINDOWS\System32\tapisrv.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 233984 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(TermService) C:\WINDOWS\System32\termsrv.dll
##(Microsoft Corporation [Ver = 5.1.2600.18 (xpclnt_qfe.010827-1803) | Size = 197632 bytes | Date = 12/11/2001 4:48:50 PM | Attr = ])

----------------------------------------------------------------------------
#(TermService) C:\WINDOWS\System32\termsrv.dll
##(Microsoft Corporation [Ver = 5.1.2600.18 (xpclnt_qfe.010827-1803) | Size = 197632 bytes | Date = 12/11/2001 4:48:50 PM | Attr = ])

----------------------------------------------------------------------------
#(Themes) C:\WINDOWS\System32\shsvcs.dll
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 114688 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(TrkWks) C:\WINDOWS\system32\trkwks.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 80384 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(uploadmgr) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
##(File not found)

----------------------------------------------------------------------------
#(W32Time) C:\WINDOWS\System32\w32time.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 165376 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 100864 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(WmdmPmSN) C:\WINDOWS\System32\MsPMSNSv.dll
##(Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Date = 1/28/2005 12:44:28 PM | Attr = ])

----------------------------------------------------------------------------
#(wuauserv) C:\WINDOWS\System32\wuauserv.dll
##(Microsoft Corporation [Ver = 5.4.2600.0 (XPClient.010817-1148) | Size = 4096 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 184320 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

svchost.exe--------------001196-----0006----------000748-----Normal---------
#c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE]
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 44032 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

svchost.exe--------------001216-----0014----------000748-----Normal---------
#c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE]
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(Alerter) C:\WINDOWS\system32\alrsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 15872 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(LmHosts) C:\WINDOWS\System32\lmhsvc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12288 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll
##(Microsoft Corporation [Ver = 5.1.2600.23 (xpclnt_qfe.010827-1803) | Size = 41472 bytes | Date = 12/17/2001 5:02:16 PM | Attr = ])

----------------------------------------------------------------------------
#(upnphost) C:\WINDOWS\System32\upnphost.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 162816 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(WebClient) C:\WINDOWS\System32\webclnt.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 61440 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

ccsetmgr.exe-------------001396-----0007----------000748-----Normal---------
#c:\program files\common files\symantec shared\ccsetmgr.exe
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Date = 4/12/2006 11:30:24 AM | Attr = ])

ccevtmgr.exe-------------001428-----0020----------000748-----Normal---------
#c:\program files\common files\symantec shared\ccevtmgr.exe
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Date = 4/12/2006 11:30:10 AM | Attr = ])

ccproxy.exe--------------001932-----0015----------000748-----Normal---------
#c:\program files\common files\symantec shared\ccproxy.exe
##(Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Date = 7/27/2006 4:08:40 PM | Attr = ])

sndsrvc.exe--------------001944-----0008----------000748-----Normal---------
#c:\program files\common files\symantec shared\sndsrvc.exe
##(Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Date = 8/7/2006 4:03:02 PM | Attr = ])

spbbcsvc.exe-------------002012-----0012----------000748-----Normal---------
#c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
##(Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Date = 11/3/2005 10:06:22 PM | Attr = ])

symlcsvc.exe-------------002036-----0006----------000748-----Normal---------
#c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
##(Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Date = 6/19/2006 10:51:18 PM | Attr = ])

spoolsv.exe--------------000552-----0015----------000748-----Normal---------
#c:\windows\system32\spoolsv.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

alg.exe------------------001960-----0006----------000748-----Normal---------
#c:\windows\system32\alg.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 40960 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

aluschedulersvc.exe------000312-----0004----------000748-----Normal---------
#c:\program files\symantec\liveupdate\aluschedulersvc.exe
##(Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Date = 1/19/2006 10:29:54 AM | Attr = ])

dcfssvc.exe--------------002148-----0002----------000748-----Normal---------
#c:\windows\system32\drivers\dcfssvc.exe
##(Eastman Kodak Company [Ver = 1.1.4400.0 | Size = 188987 bytes | Date = 2/28/2002 12:35:06 PM | Attr = ])

mdm.exe------------------002176-----0004----------000748-----Normal---------
#c:\program files\common files\microsoft shared\vs7debug\mdm.exe
##(Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Date = 6/19/2003 10:25:00 PM | Attr = ])

navapsvc.exe-------------002192-----0011----------000748-----Normal---------
#c:\program files\norton internet security\norton antivirus\navapsvc.exe
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Date = 2/5/2006 3:03:16 AM | Attr = ])

 

nvsvc32.exe--------------002240-----0002----------000748-----Normal---------
#c:\windows\system32\nvsvc32.exe
##(NVIDIA Corporation [Ver = 5.13.01.1520 | Size = 57344 bytes | Date = 8/30/2001 11:56:00 PM | Attr = ])

svchost.exe--------------002420-----0005----------000748-----Normal---------
#c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC]
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

----------------------------------------------------------------------------
#(stisvc) C:\WINDOWS\system32\wiaservc.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 314368 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

wdfmgr.exe---------------002472-----0004----------000748-----Normal---------
#c:\windows\system32\wdfmgr.exe
##(Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Date = 1/28/2005 12:44:28 PM | Attr = ])

nscsrvce.exe-------------003264-----0010----------000748-----Normal---------
#c:\program files\common files\symantec shared\security console\nscsrvce.exe
##(Symantec Corporation [Ver = 2006.1.6.2 | Size = 750768 bytes | Date = 8/31/2006 5:57:16 PM | Attr = ])

explorer.exe-------------001956-----0013----------000796-----Normal---------
#c:\windows\explorer.exe
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1000960 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

gwmdmmsg.exe-------------001560-----0002----------001956-----Normal---------
#c:\windows\gwmdmmsg.exe
##(GTW [Ver = 3.3.17 10/31/2001 20:10:32 | Size = 101615 bytes | Date = 12/4/2001 11:07:38 AM | Attr = ])

devldr32.exe-------------001524-----0004----------001956-----Normal---------
#c:\windows\system32\devldr32.exe
##(Creative Technology Ltd. [Ver = 1, 0, 0, 22 | Size = 25600 bytes | Date = 8/31/2001 3:44:30 PM | Attr = ])

e_s4i2l1.exe-------------000396-----0001----------001956-----Normal---------
#c:\windows\system32\spool\drivers\w32x86\3\e_s4i2l1.exe
##(SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Date = 6/2/2003 9:00:00 PM | Attr = ])

wkufind.exe--------------000660-----0001----------001956-----Normal---------
#c:\program files\common files\microsoft shared\works shared\wkufind.exe
##(Microsoft® Corporation [Ver = 6.00.3215.0 | Size = 28738 bytes | Date = 8/15/2001 11:41:58 PM | Attr = ])

realsched.exe------------004004-----0004----------001956-----Normal---------
#c:\program files\common files\real\update_ob\realsched.exe
##(RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Date = 5/25/2006 7:40:40 AM | Attr = ])

ccapp.exe----------------002328-----0054----------001956-----Normal---------
#c:\program files\common files\symantec shared\ccapp.exe
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Date = 4/12/2006 11:30:06 AM | Attr = ])

aolsoftware.exe----------000264-----0014----------001956-----Normal---------
#c:\program files\common files\aol\1150858310\ee\aolsoftware.exe
##(America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Date = 4/20/2006 11:10:14 AM | Attr = ])

viewmgr.exe--------------000368-----0005----------001956-----Normal---------
#c:\program files\viewpoint\viewpoint manager\viewmgr.exe
##(Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Date = 11/10/2004 10:15:32 PM | Attr = ])

jusched.exe--------------001368-----0001----------001956-----Normal---------
#c:\program files\java\jre1.5.0_06\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 11/10/2005 12:03:52 PM | Attr = ])

msmsgs.exe---------------003196-----0002----------001956-----Normal---------
#c:\program files\messenger\msmsgs.exe
##(Microsoft Corporation [Ver = 4.0.0155 | Size = 1077277 bytes | Date = 8/2/2001 6:14:34 AM | Attr = ])

ctfmon.exe---------------002728-----0001----------001956-----Normal---------
#c:\windows\system32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 13312 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

msupd01106218.exe--------002740-----0001----------001956-----Normal---------
#c:\msupd01106218.exe
##( [Ver = | Size = 3072 bytes | Date = 11/8/2006 5:35:24 PM | Attr = RHS])

easyshare.exe------------003840-----0004----------001956-----Normal---------
#c:\program files\kodak\kodak easyshare software\bin\easyshare.exe
##(Eastman Kodak Company [Ver = 2, 0, 4, 57 | Size = 299008 bytes | Date = 9/16/2002 2:42:06 PM | Attr = ])

wkcalrem.exe-------------003620-----0002----------001956-----Normal---------
#c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
##(Microsoft® Corporation [Ver = 6.00.1911.0 | Size = 24633 bytes | Date = 8/6/2001 6:06:54 PM | Attr = ])

wuauclt.exe--------------003016-----0003----------001052-----Normal---------
#c:\windows\system32\wuauclt.exe
##(Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 124184 bytes | Date = 5/26/2005 3:16:30 AM | Attr = ])

msupd02.exe--------------000476-----0001----------003404-----Normal---------
#c:\msupd02.exe
##( [Ver = | Size = 32256 bytes | Date = 11/14/2006 1:48:02 PM | Attr = ])

iexplore.exe-------------002320-----0013----------000940-----Normal---------
#c:\program files\internet explorer\iexplore.exe
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 91136 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

urlmap.exe---------------003144-----0008----------000940-----Normal---------
#c:\program files\microsoft money\system\urlmap.exe
##(Microsoft Corporation [Ver = 10.00.0809 | Size = 49206 bytes | Date = 7/25/2001 9:00:00 AM | Attr = ])

winpfind2.exe------------001864-----0002----------001956-----Normal---------
#c:\documents and settings\brad rabideau\desktop\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.14.0 | Size = 397312 bytes | Date = 11/6/2006 7:01:08 PM | Attr = ])


Registry Entries

#Value
##(Version Info)

<<< >> Internet Explorer Settings << >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.google.com/
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
#http://www.gateway.net
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\WINDOWS\System32\blank.htm
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.google.com/
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
#http://www.google.com/ie
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.google.com
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\WINDOWS\System32\blank.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
#http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
#http://www.google.com/ie
##

HKCU\Software\Microsoft\Internet Explorer\urlSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
#Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2750.167 | Size = 1332224 bytes | Date = 8/27/2004 11:57:18 AM | Attr = ])

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
#0
##

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
#localhost
##

<<< >> BHO's << >>>

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
#AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
##(Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Date = 9/23/2005 8:12:08 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
#Reg Data - Value does not exist = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 5/31/2005 1:04:00 AM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
#SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 12:22:12 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
#AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
##(AOL LLC [Ver = 3.1.38.2 | Size = 712704 bytes | Date = 4/19/2006 12:27:26 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
#CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
##(Symantec Corporation [Ver = 9.1.0.33 | Size = 94384 bytes | Date = 2/7/2006 1:35:48 AM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
#CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Date = 2/5/2006 3:03:32 AM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
#Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
#Reg Data - Value does not exist = C:\Program Files\Microsoft Money\System\mnyviewer.dll
##(Microsoft Corporation [Ver = 10.00.0809 | Size = 143420 bytes | Date = 7/25/2001 9:00:00 AM | Attr = ])

<<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

<<< HKLM-> Internet Explorer Bars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
#&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2750.167 | Size = 1332224 bytes | Date = 8/27/2004 11:57:18 AM | Attr = ])

<<< HKCU-> Internet Explorer Bars >>>

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
#Search Band = %SystemRoot%\System32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2737.1600 | Size = 1024512 bytes | Date = 1/16/2004 2:29:32 AM | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
#Media Band = %SystemRoot%\System32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2737.1600 | Size = 1024512 bytes | Date = 1/16/2004 2:29:32 AM | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
#File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8223744 bytes | Date = 6/11/2003 12:53:06 PM | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
#Favorites Band = %SystemRoot%\System32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2750.167 | Size = 1332224 bytes | Date = 8/27/2004 11:57:18 AM | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
#History Band = %SystemRoot%\System32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2750.167 | Size = 1332224 bytes | Date = 8/27/2004 11:57:18 AM | Attr = ])

<<< HKLM-> Internet Explorer ToolBars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
#Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
##(Symantec Corporation [Ver = 9.1.0.33 | Size = 94384 bytes | Date = 2/7/2006 1:35:48 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar2.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{8E718888-423F-11D2-876E-00A0C9082467}
#&Radio = C:\WINDOWS\System32\msdxm.ocx
##( [Ver = | Size = 844048 bytes | Date = 9/17/2003 10:01:28 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{C4069E3A-68F1-403E-B40E-20066696354B}
#Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Date = 2/5/2006 3:03:32 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{DE9C389F-3316-41A7-809B-AA305ED9D922}
#AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
##(AOL LLC [Ver = 3.1.38.2 | Size = 712704 bytes | Date = 4/19/2006 12:27:26 PM | Attr = ])

<<< HKCU-> Internet Explorer ToolBars >>>

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar2.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\System32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2737.1600 | Size = 1024512 bytes | Date = 1/16/2004 2:29:32 AM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
#Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
##(Symantec Corporation [Ver = 9.1.0.33 | Size = 94384 bytes | Date = 2/7/2006 1:35:48 AM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8223744 bytes | Date = 6/11/2003 12:53:06 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar2.dll
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B}
#Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Date = 2/5/2006 3:03:32 AM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922}
#AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
##(AOL LLC [Ver = 3.1.38.2 | Size = 712704 bytes | Date = 4/19/2006 12:27:26 PM | Attr = ])

<<< HKCU-> Internet Explorer CmdMapping >>>

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#8193 - Sun Java Console
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578}
#8198 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#8194 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
#8192 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
#8195 - @shdoclc.dll,-864
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
#8196 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}
#8197 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
#8199
##

<<< HKLM-> Internet Explorer Extensions >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Date = 11/10/2005 12:22:12 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 12:22:12 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
#ButtonText: AOL Toolbar = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#ButtonText: Research = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
#ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm
##( [Ver = | Size = 654 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
#ButtonText: MoneySide = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}
#ButtonText: eBay - Homepage = C:\Program Files\IrfanView\Ebay\Ebay.htm
##( [Ver = | Size = 378 bytes | Date = 1/16/2005 2:02:48 PM | Attr = ])

<<< HKCU-> Internet Explorer Menu Extensions >>>

HKCU\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search
#c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Google Search
#res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word
#res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Backward Links
#res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page
#res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
#res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 11.0.6113 | Size = 10074304 bytes | Date = 1/15/2004 11:40:56 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages
#res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English
#res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 2/14/2006 7:05:30 PM | Attr = R ])

<<< HKLM-> Internet Explorer Plugins >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop
#Reg Data - Value does not exist = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
##(InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Date = 1/30/2001 12:56:24 PM | Attr = ])

<<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

<<< HKLM-> Approved Shell Extensions >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\
# = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#Taskbar and Start Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{42071714-76d4-11d1-8b24-00a0c9068ff3}
#Display Panning CPL Extension = deskpan.dll
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{764BF0E1-F219-11ce-972D-00AA00A14F56}
#Shell extensions for file compression = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{7A9D77BD-5403-11d2-8785-2E0420524153}
#User Accounts = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
#Encryption Context Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{88895560-9AA2-1069-930E-00AA0030EBC8}
#HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{acb4a560-3606-11d3-aef4-00104bd0f92d}
#KodakShellExtension = C:\Program Files\Common Files\Kodak\IFScore\shellext.dll
##(Eastman Kodak Company [Ver = 2.0.1900.0 | Size = 360501 bytes | Date = 6/7/2002 9:42:50 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
#Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll
##(RealNetworks, Inc. [Ver = 1.0.1.2237 | Size = 49198 bytes | Date = 5/25/2006 7:40:52 AM | Attr = ])

<<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ContextMenuHandlers >>>

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
#{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Date = 2/5/2006 3:03:32 AM | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
#{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Date = 2/5/2006 3:03:32 AM | Attr = ])

<<< >> ColumnHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ColumnHandlers >>>

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 2:20:02 AM | Attr = ])

<<< >> File Associations Keys << >>>

HKLM\SOFTWARE\Classes\.bat\\''
#batfile
##

HKLM\SOFTWARE\Classes\batfile\shell\open\command\\''
# "%1" %*
##

HKLM\SOFTWARE\Classes\.cmd\\''
#cmdfile
##

HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\\''
# "%1" %*
##

HKLM\SOFTWARE\Classes\.com\\''
#comfile
##

HKLM\SOFTWARE\Classes\comfile\shell\open\command\\''
# "%1" %*
##

HKLM\SOFTWARE\Classes\.exe\\''
#exefile
##

HKLM\SOFTWARE\Classes\exefile\shell\open\command\\''
# "%1" %*
##

HKLM\SOFTWARE\Classes\.hta\\''
#htafile
##

HKLM\SOFTWARE\Classes\htafile\shell\open\command\\''
#C:\WINDOWS\System32\mshta.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.js\\''
#JSFile
##

HKLM\SOFTWARE\Classes\jsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.jse\\''
#JSEFile
##

HKLM\SOFTWARE\Classes\jsefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.scr\\''
#scrfile
##

HKLM\SOFTWARE\Classes\scrfile\shell\open\command\\''
# "%1" /S
##

HKLM\SOFTWARE\Classes\.vbe\\''
#VBEFile
##

HKLM\SOFTWARE\Classes\vbefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.vbs\\''
#VBSFile
##

HKLM\SOFTWARE\Classes\vbsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsf\\''
#WSFFile
##

HKLM\SOFTWARE\Classes\wsffile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsh\\''
#WSHFile
##

HKLM\SOFTWARE\Classes\wshfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.txt\\''
#txtfile
##

HKLM\SOFTWARE\Classes\txtfile\shell\open\command\\''
#%SystemRoot%\system32\NOTEPAD.EXE %1
##

<<< >> Registry Run Keys << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ccApp
# "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Date = 4/12/2006 11:30:06 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus CX6400
#C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400 "
##(SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Date = 6/2/2003 9:00:00 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GWMDMMSG
#GWMDMMSG.exe
##(GTW [Ver = 3.3.17 10/31/2001 20:10:32 | Size = 101615 bytes | Date = 12/4/2001 11:07:38 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HostManager
#C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
##(America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Date = 4/20/2006 11:10:14 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IPHSend
#C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
##(America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Date = 2/17/2006 10:59:48 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Portfolio
#C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
##(Microsoft® Corporation [Ver = 6.00.3221.2 | Size = 331830 bytes | Date = 8/22/2001 4:52:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection
#C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
##(Microsoft® Corporation [Ver = 6.00.3215.0 | Size = 28738 bytes | Date = 8/15/2001 11:41:58 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MoneyStartUp10.0
# "C:\Program Files\Microsoft Money\System\Activation.exe "
##(Microsoft Corporation [Ver = 10.00.0809 | Size = 241714 bytes | Date = 7/25/2001 9:00:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ms
#c:\msupd02.exe
##( [Ver = | Size = 32256 bytes | Date = 11/14/2006 1:48:02 PM | Attr = ])

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon
#RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 31744 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task
# "C:\Program Files\QuickTime\qttask.exe" -atboottime
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 9/21/2006 7:17:14 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SSC_UserPrompt
# "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
##(Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Date = 11/2/2004 5:59:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched
#C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 11/10/2005 12:03:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe
# "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
##(RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Date = 5/25/2006 7:40:40 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ViewMgr
#C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
##(Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Date = 11/10/2004 10:15:32 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WorksFUD
#C:\Program Files\Microsoft Works\wkfud.exe
##(Microsoft® Corporation [Ver = 6.00.3221.3 | Size = 24576 bytes | Date = 10/4/2001 7:34:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
#Installed = 1
##

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AIM
#C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
##(File not found)

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
#C:\WINDOWS\System32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 13312 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS
# "C:\Program Files\Messenger\msmsgs.exe" /background
##(Microsoft Corporation [Ver = 4.0.0155 | Size = 1077277 bytes | Date = 8/2/2001 6:14:34 AM | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updateMgr
#C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
##(Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Date = 8/18/2005 10:49:06 AM | Attr = R ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinMedia
#c:\msupd01106218.exe
##( [Ver = | Size = 3072 bytes | Date = 11/8/2006 5:35:24 PM | Attr = RHS])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Winsth
#C:\msupd01133593.exe
##(File not found)

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Winstq
#c:\msupd01133593.exe
##(File not found)

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager
#C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
##( [Ver = | Size = 3084288 bytes | Date = 8/19/2005 7:34:02 PM | Attr = ])

<<< >> Miscellaneous Startup Keys << >>>

<<< AppInit DLLs >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
#
##(File not found)

<<< Image File Execution Options >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##

<<< Shell Service Object Delay Load >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8223744 bytes | Date = 6/11/2003 12:53:06 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8223744 bytes | Date = 6/11/2003 12:53:06 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 117760 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
##(Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 258560 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

<<< Shell Execute Hooks >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2600.115 (xpclnt_qfe.021108-2107) | Size = 8223744 bytes | Date = 6/11/2003 12:53:06 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
#Internet Shortcut = shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2750.167 | Size = 1332224 bytes | Date = 8/27/2004 11:57:18 AM | Attr = ])

<<< Shared Task Scheduler >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\System32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2737.1600 | Size = 1024512 bytes | Date = 1/16/2004 2:29:32 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\System32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2737.1600 | Size = 1024512 bytes | Date = 1/16/2004 2:29:32 AM | Attr = ])

<<< SafeBoot Option >>>

<<< HKLM Command Processor AutoRun >>>

HKLM\SOFTWARE\Microsoft\Command Processor\\AutoRun
#
##

<<< HKCU Command Processor AutoRun >>>

<<< Security Providers >>>

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
#msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
##

<<< BootExecute >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute
#autocheck autochk *;
##

<<< PendingFileRenameOperations >>>

<<< FileRenameOperations >>>

<<< ExcludeFromKnownDlls >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\ExcludeFromKnownDlls
#
##

<<< >> Disabled MSConfig Items << >>>

<<< >> User Agent Post Platform << >>>

<<< >> Winlogon << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultDomainName
#GEORGE
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultUserName
#Brad Rabideau
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AutoAdminLogon
#Reg Data - Value does not exist
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultDomainName
#GEORGE
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultUserName
#Brad Rabideau
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#Explorer.exe vmmdiag32.exe
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 21504 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
#rundll32 shell32,Control_RunDLL "sysdm.cpl "
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.1123 (xpsp2.020921-0842) | Size = 544256 bytes | Date = 9/23/2002 2:10:26 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 53248 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 89600 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 86016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 86016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 86016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 86016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 86016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

<<< >> DNS Name Servers << >>>

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F7D394A-4994-4261-A093-4A8B94ED1C5F}
# ()
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{581923F4-B576-480A-8D71-E50A9ABC2721}
# (1394 Net Adapter)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E2B1C38C-A162-4D71-8C5B-361D7944723D}
# (Intel(R) PRO/100 VE Network Connection)
##

<<< >> All Winsock2 Catalogs << >>>

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14848 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

<<< >> Protocol Handlers (Non-Microsoft only) << >>>

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio
#C:\WINDOWS\System32\msdxm.ocx
##( [Ver = | Size = 844048 bytes | Date = 9/17/2003 10:01:28 AM | Attr = ])

<<< >> Protocol Filters (Non-Microsoft only) << >>>



[Start Post #2]

Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)

Application Layer Gateway Service--ALG--On Demand--Running--Win32, running in it's own process--
#C:\WINDOWS\System32\alg.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 40960 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Windows Audio--AudioSrv--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Automatic LiveUpdate Scheduler--Automatic LiveUpdate Scheduler--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "
##(Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Date = 1/19/2006 10:29:54 AM | Attr = ])

Background Intelligent Transfer Service--BITS--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Computer Browser--Browser--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Symantec Event Manager--ccEvtMgr--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Date = 4/12/2006 11:30:10 AM | Attr = ])

Symantec Network Proxy--ccProxy--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe "
##(Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Date = 7/27/2006 4:08:40 PM | Attr = ])

Symantec Settings Manager--ccSetMgr--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "
##(Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Date = 4/12/2006 11:30:24 AM | Attr = ])

Cryptographic Services--CryptSvc--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Dcfssvc--Dcfssvc--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\drivers\dcfssvc.exe
##(Eastman Kodak Company [Ver = 1.1.4400.0 | Size = 188987 bytes | Date = 2/28/2002 12:35:06 PM | Attr = ])

DHCP Client--Dhcp--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

DNS Client--Dnscache--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k NetworkService
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Error Reporting Service--ERSvc--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Event Log--Eventlog--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\services.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

COM+ Event System--EventSystem--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Help and Support--helpsvc--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Server--lanmanserver--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Workstation--lanmanworkstation--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

TCP/IP NetBIOS Helper--LmHosts--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k LocalService
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Machine Debug Manager--MDM--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE "
##(Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Date = 6/19/2003 10:25:00 PM | Attr = ])

Norton AntiVirus Auto-Protect Service--navapsvc--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe "
##(Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Date = 2/5/2006 3:03:16 AM | Attr = ])

 

Network Connections--Netman--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Network Location Awareness (NLA)--Nla--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Norton Protection Center Service--NSCService--On Demand--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE "
##(Symantec Corporation [Ver = 2006.1.6.2 | Size = 750768 bytes | Date = 8/31/2006 5:57:16 PM | Attr = ])

NVIDIA Driver Helper Service--NVSvc--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\System32\nvsvc32.exe
##(NVIDIA Corporation [Ver = 5.13.01.1520 | Size = 57344 bytes | Date = 8/30/2001 11:56:00 PM | Attr = ])

Plug and Play--PlugPlay--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\services.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

IPSEC Services--PolicyAgent--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\lsass.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11776 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Protected Storage--ProtectedStorage--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\lsass.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11776 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Remote Access Auto Connection Manager--RasAuto--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Remote Access Connection Manager--RasMan--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Remote Procedure Call (RPC)--RpcSs--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost -k rpcss
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Security Accounts Manager--SamSs--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\lsass.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11776 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Task Scheduler--Schedule--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Secondary Logon--seclogon--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

System Event Notification--SENS--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)--SharedAccess--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Shell Hardware Detection--ShellHWDetection--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Symantec Network Drivers Service--SNDSrvc--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe "
##(Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Date = 8/7/2006 4:03:02 PM | Attr = ])

Symantec SPBBCSvc--SPBBCSvc--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe "
##(Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Date = 11/3/2005 10:06:22 PM | Attr = ])

Print Spooler--Spooler--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\spoolsv.exe
##(Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

System Restore Service--srservice--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

SSDP Discovery Service--SSDPSRV--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k LocalService
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Windows Image Acquisition (WIA)--stisvc--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k imgsvc
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Symantec Core LC--Symantec Core LC--Automatic--Running--Win32, running in it's own process--
# "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe "
##(Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Date = 6/19/2006 10:51:18 PM | Attr = ])

Telephony--TapiSrv--On Demand--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Themes--Themes--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Distributed Link Tracking Client--TrkWks--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Windows User Mode Driver Framework--UMWdf--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\System32\wdfmgr.exe
##(Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Date = 1/28/2005 12:44:28 PM | Attr = ])

Upload Manager--uploadmgr--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Windows Time--W32Time--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

WebClient--WebClient--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k LocalService
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Windows Management Instrumentation--winmgmt--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Automatic Updates--wuauserv--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\system32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Wireless Zero Configuration--WZCSVC--Automatic--Running--Win32, running in a shared process--
#C:\WINDOWS\System32\svchost.exe -k netsvcs
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])


Files
Full Path
#Details

%SystemDrive%
#

C:\combofix.exe
#UPX! ( [Ver = 06.10.19. | Size = 276918 bytes | Date = 11/2/2006 1:49:54 PM | Attr = ])

C:\msupd01161187.exe
#SAHAgent ( [Ver = | Size = 24576 bytes | Date = 11/6/2006 9:35:10 AM | Attr = ])

C:\msupd01161187.exe
#KavSvc ( [Ver = | Size = 24576 bytes | Date = 11/6/2006 9:35:10 AM | Attr = ])

C:\msupd01173906.exe
#SAHAgent ( [Ver = | Size = 24576 bytes | Date = 11/7/2006 10:34:24 AM | Attr = ])

C:\msupd01173906.exe
#KavSvc ( [Ver = | Size = 24576 bytes | Date = 11/7/2006 10:34:24 AM | Attr = ])

C:\msupd02.exe
#UPX! ( [Ver = | Size = 32256 bytes | Date = 11/14/2006 1:48:02 PM | Attr = ])

%ProgramFilesDir%
#

%WinDir%
#

%System%
#

C:\WINDOWS\SYSTEM32\dfrg.msc
#PEC2 ( [Ver = | Size = 41397 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PEC2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 4:38:24 PM | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PECompact2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 4:38:24 PM | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#WSUD (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\rasdlg.dll
#Umonitor (Microsoft Corporation [Ver = 5.1.2600.28 (xpclnt_qfe.010827-1803) | Size = 630784 bytes | Date = 2/12/2002 5:14:12 PM | Attr = ])

C:\WINDOWS\SYSTEM32\swsc.exe
#UPX! ( [Ver = | Size = 40960 bytes | Date = 11/25/2005 5:48:28 PM | Attr = ])

C:\WINDOWS\SYSTEM32\wbdbase.deu
#winsync ( [Ver = | Size = 1309184 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\WMOggPlayer.dll
#UPX! (Electronic-Group [Ver = 1, 0, 0, 4 | Size = 286208 bytes | Date = 10/18/2005 7:34:18 PM | Attr = ])

%System%\Drivers folder and sub-folders
#

%windir% + sub-dirs for System or Hidden files less than 60 days old
#

C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 11/13/2006 7:45:12 AM | Attr = S])

C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 11/14/2006 7:34:28 AM | Attr = H ])

C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 11/14/2006 7:30:18 AM | Attr = H ])

C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 11/14/2006 7:20:44 AM | Attr = H ])

C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 11/14/2006 7:46:38 AM | Attr = H ])

C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 11/14/2006 7:31:00 AM | Attr = H ])

C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 11/13/2006 7:45:22 AM | Attr = H ])

CPL files
#

C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 558592 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 130048 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 294912 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 119808 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\joy.cpl
# (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 208896 bytes | Date = 8/29/2002 3:41:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\jpicpl32.cpl
# (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 12:03:50 PM | Attr = ])

C:\WINDOWS\SYSTEM32\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 270848 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\wuaucpl.cpl
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 3:16:30 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 558592 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 130048 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
# (Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 292352 bytes | Date = 8/29/2002 8:14:40 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 119808 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
# (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 208896 bytes | Date = 8/29/2002 3:41:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
# (Microsoft Corporation [Ver = 5.1.4111.00 (XPClient.010817-1148) | Size = 147456 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 270848 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/30/2001 4:30:00 AM | Attr = ])

Auto-Start Folders
#

HKLM->Explorer\Shell Folders\\Common Startup
# = C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
#C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 9/23/2005 10:05:26 PM | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 6/16/2004 1:38:42 PM | Attr = HS])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
#C:\Program Files\SIFXINST\SIFXINST.EXE (LANovation [Ver = 3.1 | Size = 569344 bytes | Date = 6/16/2004 2:29:40 PM | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
#C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company [Ver = 2, 0, 4, 57 | Size = 299008 bytes | Date = 9/16/2002 2:42:06 PM | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
#C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 2/13/2001 12:01:04 AM | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
#C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation [Ver = 6.00.1911.0 | Size = 24633 bytes | Date = 8/6/2001 6:06:54 PM | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Uninstall.exe
#( [Ver = | Size = 2560 bytes | Date = 10/30/2006 2:02:54 PM | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup
# = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup
# = C:\Documents and Settings\Brad Rabideau\Start Menu\Programs\Startup

C:\Documents and Settings\Brad Rabideau\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 6/16/2004 1:38:42 PM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup
# = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
#

System.ini->[Boot]\\Shell
#Explorer.exe vmmdiag32.exe

Config.nt: Line 54
#dos=high, umb

Config.nt: Line 55
#device=%SystemRoot%\system32\himem.sys

Config.nt: Line 56
#files=40

AutoExec.nt: Line 1
#@echo off

AutoExec.nt: Line 8
#lh %SystemRoot%\system32\mscdexnt.exe

 

AutoExec.nt: Line 11
#lh %SystemRoot%\system32\redir

AutoExec.nt: Line 14
#lh %SystemRoot%\system32\dosx

AutoExec.nt: Line 36
#SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders
#

AllUsers ApplicationData Folder
#

C:\Documents and Settings\All Users\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 6/16/2004 7:20:42 AM | Attr = HS])

CurrentUser ApplicationData Folder
#

C:\Documents and Settings\Brad Rabideau\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 6/16/2004 7:20:42 AM | Attr = HS])

C:\Documents and Settings\Brad Rabideau\Application Data\GDIPFONTCACHEV1.DAT
# ( [Ver = | Size = 59000 bytes | Date = 7/19/2005 2:21:20 PM | Attr = ])

Program Files Folder
#

Common Files Folder
#

DPF files
#

{01010E00-5E80-11D8-9E86-0007E96C65AE}
#SupportSoft SmartIssue - CodeBase = http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
#QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
#YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll

{3BFFE033-BF43-11D5-A271-00A024A51325}
#iNotes6 Class - CodeBase = https://mymail.humana.com/iNotes6W.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93}
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{A8683C98-5341-421B-B23C-8514C05354F1}
#FujifilmUploader Class - CodeBase = http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

{BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3}
#OggPlayer Class - CodeBase = http://www.one2one.com/static/class/WMOggPlayer.cab

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
#Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000}
#Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hosts file = 686 bytes. Reading all entries.
#C:\WINDOWS\System32\drivers\etc\Hosts

# Copyright © 1993-1999 Microsoft Corp.
#

#
#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#

#
#

# This file contains the mappings of IP addresses to host names. Each
#

# entry should be kept on an individual line. The IP address should
#

# be placed in the first column followed by the corresponding host name.
#

# The IP address and the host name should be separated by at least one
#

# space.
#

#
#

# Additionally, comments (such as these) may be inserted on individual
#

# lines or following the machine name denoted by a "#" symbol.
#

#
#

# For example:
#

#
#

# 102.54.94.97 rhino.acme.com # source server
#

# 38.25.63.10 x.acme.com # x client host
#

#
#

127.0.0.1 localhost
#



[Start Post #3]

AddOn's

#Info or Value


#

< KEY HKCU\Software\Microsoft\Internet Explorer\Desktop (Include SUBKEYS) >


#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\DeskHtmlVersion
#272

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\DeskHtmlMinorVersion
#5

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\Settings
#1

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\GeneralFlags
#5

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\Source
#About:Home

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\SubscribedURL
#About:Home

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\FriendlyName
#My Current Home Page

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\Flags
#2

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\Position
#2C 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 DE 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\CurrentState
#04 00 00 40

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\OriginalStateInfo
#18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\\RestoredStateInfo
#18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00

HKCU\Software\Microsoft\Internet Explorer\Desktop\General
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallpaper
#%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperFileTime
#A0 18 C6 C0 7C F3 C6 01

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperLocalFileTime
#A0 10 F0 D7 52 F3 C6 01

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\TileWallpaper
#0

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperStyle
#2

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\Wallpaper
#%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\ComponentsPositioned
#1

HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\\NoOfOldWorkAreas
#1

HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\\OldWorkAreaRects
#00 00 00 00 00 00 00 00 00 05 00 00 DE 03 00 00

HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\\Wallpaper
#%SystemRoot%\Web\SafeMode.htt

HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\\VisitGallery
#0

HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme\\Edit
#

HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme\\Display
#


#

< KEY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies (Include SUBKEYS) >


#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
#1073741857

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#32

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\\Key
#6A 43 C0 6D 10 1F 82 D4 98 4A D4 A1 03 67 93 F8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\\Hint
#brads badge

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\\FileName0
#C:\WINDOWS\System32\RSACi.rat

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\\Allow_Unknowns
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\\PleaseMom
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\\Enabled
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\v
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\s
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\n
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\l
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\\NumSys
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\\dwFlags
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\\errLine
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\\PRNumPolicy
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUNonWild
#29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUHost
#www.4wheelparts.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUPath
#/4wp/products/productLine.asp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUUrl
#http://www.4wheelparts.com/4wp/prod...=ACC&prodline=3489&catName=Accessories&man=SX

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUNonWild
#29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUHost
#www.andale.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUPath
#/img/template.jsp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUUrl
#http://www.andale.com/img/template.jsp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUHost
#www.google.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\10\PRPPolicySub\0\\PRBUUrl
#www.google.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUHost
#www.earlycj5.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\11\PRPPolicySub\0\\PRBUUrl
#www.earlycj5.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0
#

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUHost
#cgi.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\12\PRPPolicySub\0\\PRBUUrl
#cgi.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUHost
#www.andale.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\13\PRPPolicySub\0\\PRBUUrl
#www.andale.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUHost
#images.andale.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\14\PRPPolicySub\0\\PRBUUrl
#images.andale.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUHost
#search-lvm.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\15\PRPPolicySub\0\\PRBUUrl
#search-lvm.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUHost
#63.169.222.33

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\16\PRPPolicySub\0\\PRBUUrl
#63.169.222.33

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUHost
#pics.ebaystatic.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\17\PRPPolicySub\0\\PRBUUrl
#pics.ebaystatic.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUHost
#www.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\18\PRPPolicySub\0\\PRBUUrl
#www.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUHost
#ebay.doubleclick.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\19\PRPPolicySub\0\\PRBUUrl
#ebay.doubleclick.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUNonWild
#29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUHost
#as.casalemedia.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUPath
#/s

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUUrl
#http://as.casalemedia.com/s?s=53504&u=webshots.com&f=2&id=7726785031.484814

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUHost
#my.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\20\PRPPolicySub\0\\PRBUUrl
#my.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUScheme
#https

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUHost
#signin.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUPort
#443

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\21\PRPPolicySub\0\\PRBUUrl
#signin.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUHost
#www.gateway.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\22\PRPPolicySub\0\\PRBUUrl
#www.gateway.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUHost
#www.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\23\PRPPolicySub\0\\PRBUUrl
#www.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUScheme
#https

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUHost
#myaccount.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUPort
#443

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\24\PRPPolicySub\0\\PRBUUrl
#myaccount.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUScheme
#https

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUHost
#nextelonline.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUPort
#443

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\25\PRPPolicySub\0\\PRBUUrl
#nextelonline.nextel.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUHost
#ads.com.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\26\PRPPolicySub\0\\PRBUUrl
#ads.com.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27
#

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUHost
#a.tribalfusion.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\27\PRPPolicySub\0\\PRBUUrl
#a.tribalfusion.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUHost
#cgi.msn.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\28\PRPPolicySub\0\\PRBUUrl
#cgi.msn.ebay.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUHost
#www.wilenet.org

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\29\PRPPolicySub\0\\PRBUUrl
#www.wilenet.org

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUNonWild
#29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUHost
#community.webshots.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUPath
#/photo/217799605/217803861yrCrAO

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUUrl
#http://community.webshots.com/photo/217799605/217803861yrCrAO

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUScheme
#https

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUHost
#wilenet.org

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUPort
#443

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\30\PRPPolicySub\0\\PRBUUrl
#wilenet.org

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUNonWild
#29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUHost
#community.webshots.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUPath
#/photo/217799605/217804046yyNhBk

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\4\PRPPolicySub\0\\PRBUUrl
#http://community.webshots.com/photo/217799605/217804046yyNhBk

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUHost
#sa.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\5\PRPPolicySub\0\\PRBUUrl
#sa.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUHost
#ad.doubleclick.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\6\PRPPolicySub\0\\PRBUUrl
#ad.doubleclick.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUHost
#pub.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\7\PRPPolicySub\0\\PRBUUrl
#pub.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUNonWild
#13

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUScheme
#http

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUHost
#deskwx.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUPort
#80

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\8\PRPPolicySub\0\\PRBUUrl
#deskwx.weatherbug.com

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\\PRPPolicyAttribute
#2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\\PRNumURLExpressions
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUInternetPattern
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUNonWild
#5

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUSpecified
#31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUScheme
#javascript

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUHost
#richMediaFinished();

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default\0\PRPolicy\9\PRPPolicySub\0\\PRBUUrl
#richMediaFinished();

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername
#0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext
#

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon
#1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon
#1

< KEY HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer (Include SUBKEYS) >


#

< KEY HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies (Include SUBKEYS) >


#

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
#

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
#

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun
#145

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
#

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
#

< KEY HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer (Include SUBKEYS) >


#

 

Took a few posts, but there was no "end of report" at the end. The wrap thing was unchecked.

 

I'm looking over the log, will report back later on tonite.

 

Ok, lets give this Wareout Fix a shot.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
Subratam
Bleeping Computing

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread.
If you get a file output similar to below:

Go here and run the fix appropriate to your version of Windows:

http://www.tech-forums.net/computer/topic/29806.html

Then re-run Fixwareout please, thanks.

 

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

 

Logfile of HijackThis v1.99.1
Scan saved at 2:24:48 PM, on 11/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\msupd02.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\msupd01106218.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\msupd02.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\hijackthis.exe.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe vmmdiag32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400 "
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150858310\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\msupd02.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Winstq] c:\msupd01133593.exe
O4 - HKCU\..\Run: [Winsth] C:\msupd01133593.exe
O4 - HKCU\..\Run: [WinMedia] c:\msupd01106218.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Uninstall.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mymail.humana.com/iNotes6W.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://www.one2one.com/static/class/WMOggPlayer.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe