[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ASUS Probe -> %ProgramFiles%\ASUS\Probe\AsusProb.exe -> [Ver = | Size = 617984 bytes | Modified Date = 06/12/2002 16:07:48 | Attr = ]
DU Meter -> %ProgramFiles%\DU Meter\DUMeter.exe -> Hagel Technologies [Ver = 3.02 Build 76 | Size = 1148928 bytes | Modified Date = 23/06/2002 21:19:26 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ]
Run StartupMonitor -> %SystemRoot%\StartupMonitor.exe -> [Ver = | Size = 86016 bytes | Modified Date = 20/05/2000 17:23:48 | Attr = ]
SmcService -> %ProgramFiles%\Sygate\SPF\smc.exe -> Sygate Technologies, Inc. [Ver = 5.5.00.2525 | Size = 2344160 bytes | Modified Date = 24/03/2005 10:30:06 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %System32%\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 18/09/2001 19:37:34 | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ]
< HOSTS File > (568096 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> ->
HKCU: Search Page -> ->
HKCU: Start Page -> about:blank ->
HKCU: CustomizeSearch -> ->
HKCU: SearchAssistant -> ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
img_bleepingcomputer.com
www_bleepingcomputer.com
www_bleepingcomputer.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 01/08/2006 14:27:06 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2284 | Size = 848496 bytes | Modified Date = 01/09/2006 14:00:14 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{40B2063F-DB01-4962-BE63-59435C01283C} -> %ProgramFiles%\UKPoker\client.exe [ButtonText: UKPoker] -> Tribeca Tables Europe Limited [Ver = 23, 3132, 0, 0 | Size = 2502656 bytes | Modified Date = 30/05/2006 23:06:12 | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} -> %ProgramFiles%\HiDownload\hidownload.exe [ButtonText: HiDownload] -> HiDownload Software [Ver = 2.0.0.3 | Size = 812032 bytes | Modified Date = 06/11/2006 14:46:00 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 1507 bytes | Modified Date = 06/11/2005 20:29:06 | Attr = ]
&Get Gutcheck -> Reg Data - Value does not exist -> File not found
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 630 bytes | Modified Date = 06/11/2005 20:29:06 | Attr = ]
Download All Files by HiDownload -> %ProgramFiles%\HiDownload\HDGetAll.htm -> [Ver = | Size = 662 bytes | Modified Date = 09/06/2003 01:20:00 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76807617-D33F-4A38-A96D-BE96C5491589} -> () ->
{8FD2343D-CCBB-49DE-9F40-7C2AF75D1F89} -> (1394 Net Adapter) ->
{CDDE24B6-52BD-42C0-9934-503621F4A9D7} -> () ->
{D7A05597-BF58-4894-8983-33A524BA9459} -> (NVIDIA nForce MCP Networking Controller) ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
about -> 4 = Restricted sites (Not a Default Protocol) ->
about: -> 4 = Restricted sites (Not a Default Protocol) ->
mhtml -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} -> SentinelVE3D Class - CodeBase = http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab ->
{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> TmHcmsX Control - CodeBase = http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->