Port Explorer won't load on my home machine

I wonder if only PE is not properly registering or also other programs with installs?
Remember other user's with registry protections which showed up in the hijackthis log.

 

Hello everyone...
I uninstalled, deleted the registry key suggested, downloaded Fabertoys at home, shut down essentially every running process (necessary reboot included after un and re-install) re-installed and had no success.
I ran Fabertoys and these are the only dependencies that show:
C:\OPSYS\SYSTEM\ADVAPI32.DLL
C:\OPSYS\SYSTEM\GDI32.DLL
C:\OPSYS\SYSTEM\KERNEL32.DLL
C:\OPSYS\SYSTEM\USER32.DLL

I am officially at a loss at this time.
No icon shows up on the command bar, but task manager shows the listing for PE (as a non responding program.
Now what
TIA,
Tom

 

Me again...
regsvr32.exe dcsws2.dll FAILED...
return code was 0x80004005


It is present in c:\opsys\system.
Should I manually edit the registry? If so walk me through (I can use regedit or the Symantec registry editor)
TIA,
Tom

 

Oops! including the dcsws2.dll and lots of others -- i just check and faber toys shows me some 43 files in the PE dependencies.

Did you update and patch your windows and IE on that system till the most recent updates?

>c:\opsys\system
is that the real pathname or do you mean windows\system ?

 

That is the path name...
Since some malwarez are hard-coded to look for a "Windows" entry, it was recommended that when re-installing windows to change the name to something else... OPSYS was suggested, so I used it.
Yes, all updates are done on a regular basis, to Windows and IE.
I also found about 7 or 8 entries when I did a registry search for "Port Explorer" after uninstalling, but they were in ?octal? entries, and that is over my head.
Only one actually named port explorer, and I deleted that sub-key. (after un-install).
Puzzled in Florida,
Tom

 

Waiting for the DCS team to react on this or somebody else who really knows.
Is all the rest on your system running just fine as it should, also with installing anything?
This moment PE is uninstalled?

 

Everything else works, installs, etc...
PE installed, non functional.
I'd be willing to allow one of the DCS team access to my machine if they thought it would help.
Tom

 

Think many of us would like that!
Could you have a try with the hijackthis if there is anything strange?
Quoting Pieter from another posting in the forum
"Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet."

Maybe we see something strange, not expecting, but never know.

 

Downloaded at work, will repeat at home.
Thanks for the link.
Tom

 

I have uninstalled PE, run Hijackthis (neat program!)
and below is what it "saw" with my normal boot (less wormguard, I think... it's getting confusing
If one of you could explain how someone could "hijack" any of this stuff, I'd appreciate it!
Roll your sleeves up, long read ahead

As usual,Thanks in advance...
Tom


Logfile of HijackThis v1.96.0
Scan saved at 4:52:56 PM, on 8/8/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\OPSYS\SYSTEM\KERNEL32.DLL
C:\OPSYS\SYSTEM\MSGSRV32.EXE
C:\OPSYS\SYSTEM\MPREXE.EXE
C:\OPSYS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\OPSYS\SYSTEM\MSTASK.EXE
C:\OPSYS\EXPLORER.EXE
C:\OPSYS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\OPSYS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE
C:\OPSYS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\OPSYS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\OPSYS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ewol.com/
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\OPSYS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\OPSYS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\OPSYS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\AUDIOSTATION2\VTRAY.EXE /s
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\OPSYS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\OPSYS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Download with &FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
O9 - Extra 'Tools' menuitem: Look for Spybot-S&&D updates (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37595.119375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

 

Congratulations, looks really neat and clean!
The "guys who know" introduced it in the forums and get really much info from it with which they help out people from lots of trouble if it's caused in that area.
If you like tools like these, yiou'll also love on the DCS site in the free tools the AutoStartViewer, which gives the registry keys with those items and possibilities to make your corrections.

WG won't show up as it's running completely in the background, even without using any resources, only jumping up when needed.
You might like to disable that Norton Script blocker.
In the TDS forum here you will see how that one caused Blaze to be unable to run any scripts he wanted to run with TDS till he disabled it, while protected well with WG.

Does Nprotect stay up to disable your proper installation of PE in this case or did you close that too during install?
And you see the symantec registry check, does it only check for malicious changes or also protect it to avoid changes to be made at all like with an install?

I'm trying to remember what i read about IOMEGA --might have been just settings or special patches in windows which you probably have.

There are thousands of win98 and/or dell users who all succeeded in installing and running PE properly so we'll find it all together. Fortunately your system is so very clean. Did you try that LSPfix i mentioned far above with the link to the other thread where you can see why Jason recommended that to another user and what to do with it? (little screenshot -- is also a very little nice tool you'll like)

Some user needed to uninstall her firewall and first install PE and after the fw back, if i remember well that was on an XP system --hundreds don't need that, and somebody can run into that necessity; has to do with the layered structure.

Would keep it for the moment as it is, waiting for more comments/suggestions,
run that LSPfix, (probably all is ok)
close down all those norton/symantec blockers/protectors during installation
and try that installation again.

Hope others jump into the details of the hijackthis log -- and if there are more suggestions......

 

Good morning,
Thanks (I think ) for the compliment...
Not really sure what you mean by clean, though. I never have cared for resource hogs and TSR's so I guess that's your inferral.

The Symantec registry editor is like regedit on steroids... there is a registery logger, but it gave problems so I discontinued using it.

I will disable the script blocker, although AFAIK, it simply stops web sites and malicious e-mail routines from running.

Did you mean ISPfix or LSPfix?

I disabled via the task manager everything except explorer and (another one or two things required to keep the system running) before the install.

I looked at the dependencies (at work) for PE, and you were correct... a ton of them compared to the 4 I saw on this one.

Thanks again,
Tom

 

OK LSPfix...
Shows only 4 entries, and doesn't want "fix" anything.
So I guess that all is right in the socket2 areas.
Tom

 

Hi again, yes i really made you a compliment. If you surf around in the forums here and look at some people's hijackthis logs with hair-raising entries in them at times, one wonders how people can live in their computers, but ok, at least they use them and we try to keep them safe!

It's good your LSPfix was ok and nothing to fix, so now waiting for the hijackthis specialists and DCS team and maybe others with a clear idea to jump in.

The unblocking scripts is more my special idea if you like to be able to run the TDS scripts --which i really do myself!-- not related to this PE problem.
If you ran an SFC there was nothing special to fix either in files, was there?

 

Back again...
I uninstalled, turned EVERYTHING off (not just "end task", but went into ZA, NAV, etc. and shut down autoload, disabled, what ever it took. Rebooted, went into task manager and shut down everything but explorer and one other (Systray, I think) and re-installed.
Got the reboot and successfull install notice and rebooted.
There was no "updating system files" notices at boot (and I can see all processes during boot time, I wanna KNOW as much as I can what's going on in my 'puter).
When I restarted, I went to the PE directory and checked to make sure the keyfile was there, copied into memory (clipboard) the code to unlock it and with great expectations tried to fire PE up... \
Hijackthis dependencies showed only the four files seen before.
I am at my wits end .
Tom

 

Think you mean Faber toys showed the 4 files.
There is definitely something blocking a proper installation, but what can it be?
Wayting for the DCS team, we have one good part they are located in Australia so their weekend is over 6 hours sooner then ours overhere.
First time i see such a stubborn refusal and i am very sorry this happens with you and you're going through so much trouble.

Jason's question was unanswered: did you run the evaluation version on your system successfully prior to this?
And help my memory again if you like: did you also try the installation in safe mode? think you did?

 

Did you ever use tools like HTAstop or Dostop from (www.?) nsclean.com?
I remember i had big trouble long ago which blocked changed settings and registry items, and i even didn't remember if i ever installed those tools.
Anyway to make sure i did not have them installed i grabbed that dostop tool and disabled and enabled it on/off several times, ending with disabling it and since i was rid of those unwanted registry protections and i could configure my system back to normal and install/register properly.
If installing in safe mode --you might like to go into safe mode and try first if the registration of that dll works there before again going through all that with uninstalling deleting and rebooting again into safe mode and try to install from there........

You disabled and closed everything you said, did you also think of disabling the WormGuard protection during that? Easy to forget as it is invisible and doesn't show up in the taskmanager. Normally it is not really necessary, but something is absolutely blocking your system, so try everything you can think of.
Are there any more hidden programs?

Unfortunately i can not tell you the 7 or 8 times you see Port Explorer anywhere after uninstalling it in the registry.
Are you able to post those items here? (if necessary a screenshot)

 

Oops, Fabertoys it was.
Yes WG was unloaded.
No, haven't ever used the two programs mentioned (and probably won't now <BG>).
No and no to demo on this machine or safemode install.
Don't know if I can cut and paste from Symantec's registry editor in the window the individual entries come up. But I will try tomorrow.
For today, I've had it... up at 4AM, messed with this a while, worked on some woodworking projects a while then started digging a planter area for my better half.
I'm pooped, enough so I might do something dumb from sheer exhaustion.
To quote MacArthur... "I shall return"
Tom

 

Very good to do something different at times, and something with hands and body like gardening or walking can be very refreshing, certainly when one actually sees something succeeding like a flower growing or a cooked meal looking nice on our plate and tasting good, the other enjoyments in life!

Expecting you back!

I mean with the dostop i most probably never had used it either but using it to unblock whatever was blocking in my system helped, so as i have the idea something is blocking your registry (maybe the symantec registry tool!) it's just an idea.
You can also just in Start > Run > Regedit
and once there Find and there you type Port Explorer
and copy somehow what you see without making any changes yet.
If the symantec tool is able to display them all at a time would be great.
Rather often if there is no copy or save to clipboard button it's possible to rightclick with the mouse in a window and press the contr+c (maybe contr+a first to select the whole window) and contr+v in a notepad or other editer could copy it there.
As long as contr+c is no hotkey for the program to do other things. Would not like you to run into terrible things beyond repair, certainly not with the registry.
Another way is press printscreen (or alt+printscreen), open paint and paste in the edit and you have your screenshot which you can cut what you need and save as jpg or something else.

 

Well I fired up in safemode and just for grins started PE... It ran, asked for the unlock code and accepted it.
There was zero data though, and I don't know if this was due to being in safe mode or because some file wasn't properly registerred.
Next I'll try re-registerring while in safe mode and see what happens.
Still plugging away,
Tom

 

I tried screen shots of the various registry keys...
Since screen position was one of the points brought up I have one showing just that setting: attached.
I also backed up and compressed my entire registry (a little over 1 meg compressed).
I'd upload it except for the 100 kb limit.
Tom

 

Hi Tom,
You can make a partial export from your Registry.
In Regedit go to: HKEY_LOCAL_MACHINE\SOFTWARE\Diamond Computer Systems\Port Explorer
then click Registry > Export Registry File
Save it and then you can paste/attach it here.

btw you won't have much fun from PE while in Save Mode

Dolf

 

The unlock code should be used only once, and of course the whole internet community now wants to know if you now can fire PE up in normal mode as well and if so and you look in Faber Toys if you have a bunch of files running or just a few!

So with this in the safe mode you now know something is really blocking your system from proper installation and registering dll-s properly! There should at least be some dialogue option asking if you do allow dll X to register.

Seeing Dollefie posted in the meantime, i forgot that option (was half thinking of the symantec tool)
and i hoped you can collect that way all the places where the name is mentioned in the registry.

 

Greetings from the land of frustration!
I cannot run PE in normal mode, the same 4 or 5 dependencies still show up (no more) in Fabertoys.
I manually unregistered with success, then manually re-registered successfully.
Rebooted and still no running PE.
Below is the exported key:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Diamond Computer Systems\Port Explorer]
"Language"=dword:00000002
"System Text Color2"=dword:eb6922b8
"Background Color1"=dword:107e67f9
"PortExplorerVersion"=dword:000006a4
"Auto Refresh"=dword:00000001
"Refresh Interval"=dword:000003e8
"New Socket Time"=dword:00000bb8
"Dead Socket Time"=dword:00000bb8
"List Display"=dword:00000000
"Minimize To Tray"=dword:00000001
"Reduce Memory Usage"=dword:00000000
"Resolve Addresses"=dword:00000000
"Hide NetStat"=dword:00000000
"Background Color"=dword:00ffffff
"Normal Text Color"=dword:00000000
"System Text Color"=dword:00ff0000
"Hidden Text Color"=dword:000000e6
"Selected Text Color"=dword:00ffffff
"Selected Background Color"=dword:00800000
"Dead Socket Background Color"=dword:009999ff
"New Socket Background Color"=dword:0099ff99
"Large Icons"=dword:00000000
"Always On Top"=dword:00000000
"Font Family"="Verdana"
"Font Weight"=dword:00000190
"Font Italic"=dword:00000000
"Show Log Window"=dword:00000001
"Window Logging"=dword:000001f4
"File Logging"=dword:00000000
"Grid Enabled"=dword:00000000
"Disable Sorting"=dword:00000000
"Split Height"=dword:00000064
"column0"=dword:00000064
"columnorder0"=dword:00000000
"column1"=dword:00000064
"columnorder1"=dword:00000002
"column2"=dword:0000003c
"columnorder2"=dword:0000000b
"column3"=dword:00000028
"columnorder3"=dword:00000003
"column4"=dword:0000005a
"columnorder4"=dword:00000004
"column5"=dword:00000032
"columnorder5"=dword:00000005
"column6"=dword:00000064
"columnorder6"=dword:00000006
"column7"=dword:00000032
"columnorder7"=dword:00000007
"column8"=dword:00000050
"columnorder8"=dword:00000008
"column9"=dword:00000064
"columnorder9"=dword:00000009
"column10"=dword:0000003c
"columnorder10"=dword:0000000a
"column11"=dword:0000003c
"columnorder11"=dword:00000001
"column_0"=dword:00000064
"columnorder_0"=dword:00000000
"column_1"=dword:00000064
"columnorder_1"=dword:00000001
"column_2"=dword:0000003c
"columnorder_2"=dword:00000002
"column_3"=dword:00000028
"columnorder_3"=dword:00000003
"column_4"=dword:0000005a
"columnorder_4"=dword:00000004
"column_5"=dword:00000032
"columnorder_5"=dword:00000005
"column_6"=dword:00000064
"columnorder_6"=dword:00000006
"column_7"=dword:00000032
"columnorder_7"=dword:00000007
"column_8"=dword:00000050
"columnorder_8"=dword:00000008
"column_9"=dword:00000050
"columnorder_9"=dword:00000009
"Window"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,fa,ff,ff,ff,0e,00,00,00,86,02,00,00,d0,01,00,00

This stuff is WAYYYY over my head, I never got "eddicated" at this level.
Tom

 

Here are all of the keys found:
1.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Programs\Port Explorer]
"Order"=hex:08,00,00,00,02,00,00,00,04,02,00,00,01,00,00,00,08,00,00,00,40,00,\
00,00,fb,ff,ff,ff,31,00,32,00,a5,01,00,00,09,2f,94,8b,20,00,44,69,61,6d,6f,\
6e,64,43,53,20,57,65,62,73,69,74,65,2e,6c,6e,6b,00,44,49,41,4d,4f,4e,7e,31,\
2e,4c,4e,4b,00,00,00,00,05,00,00,00,3e,00,00,00,fb,ff,ff,ff,30,00,32,00,ad,\
01,00,00,09,2f,94,8b,20,00,4f,72,64,65,72,20,46,6f,72,6d,20,28,50,44,46,29,\
2e,6c,6e,6b,00,4f,52,44,45,52,46,7e,31,2e,4c,4e,4b,00,00,00,05,00,00,00,3e,\
00,00,00,fb,ff,ff,ff,30,00,32,00,ad,01,00,00,09,2f,94,8b,20,00,4f,72,64,65,\
72,20,46,6f,72,6d,20,28,54,58,54,29,2e,6c,6e,6b,00,4f,52,44,45,52,46,7e,32,\
2e,4c,4e,4b,00,00,00,05,00,00,00,40,00,00,00,fb,ff,ff,ff,32,00,32,00,a2,01,\
00,00,09,2f,94,8b,20,00,50,6f,72,74,20,45,78,70,6c,6f,72,65,72,20,48,65,6c,\
70,2e,6c,6e,6b,00,50,4f,52,54,45,58,7e,32,2e,4c,4e,4b,00,00,00,05,00,00,00,\
44,00,00,00,fb,ff,ff,ff,35,00,32,00,b1,01,00,00,09,2f,94,8b,20,00,50,6f,72,\
74,20,45,78,70,6c,6f,72,65,72,20,57,65,62,73,69,74,65,2e,6c,6e,6b,00,50,4f,\
52,54,45,58,7e,33,2e,4c,4e,4b,00,00,00,00,05,00,00,00,3c,00,00,00,fb,ff,ff,\
ff,2d,00,32,00,b6,01,00,00,09,2f,94,8b,20,00,50,6f,72,74,20,45,78,70,6c,6f,\
72,65,72,2e,6c,6e,6b,00,50,4f,52,54,45,58,7e,31,2e,4c,4e,4b,00,00,00,00,05,\
00,00,00,44,00,00,00,fb,ff,ff,ff,36,00,32,00,aa,01,00,00,09,2f,94,8b,20,00,\
52,65,67,69,73,74,65,72,20,50,6f,72,74,20,45,78,70,6c,6f,72,65,72,2e,6c,6e,\
6b,00,52,45,47,49,53,54,7e,31,2e,4c,4e,4b,00,00,00,05,00,00,00,38,00,00,00,\
fb,ff,ff,ff,29,00,32,00,8a,01,00,00,09,2f,94,8b,20,00,55,6e,69,6e,73,74,61,\
6c,6c,2e,6c,6e,6b,00,55,4e,49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,00,00,05,00,\
00,00

2.
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Gentee\Paths]
"Wormguard v3.1"="C:\\Wormguard"
"Port Explorer"="C:\\PROGRAM FILES\\PORT EXPLORER\\"

3.
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DiamondCS Port Explorer_is1]
"Inno Setup: Setup Version"="My Inno Setup Extensions 3.0.6.1"
"Inno Setup: App Path"="C:\\Program Files\\Port Explorer"
"Inno Setup: Icon Group"="Port Explorer"
"Inno Setup: User"="No one"
"Inno Setup: Selected Tasks"="desktopicon,LanguageEnglish"
"Inno Setup: Deselected Tasks"="quicklaunchicon,LanguageDutch,LanguageFrench,LanguageGerman,LanguageItalian,LanguagePortugese,LanguageSpanish,LanguageSwedish"
"DisplayName"="DiamondCS Port Explorer v1.700"
"DisplayIcon"="C:\\Program Files\\Port Explorer\\portexplorer.exe"
"UninstallString"="\"C:\\Program Files\\Port Explorer\\unins000.exe\""
"URLInfoAbout"="http://www.diamondcs.com.au/portexplorer"
"HelpLink"="http://www.diamondcs.com.au/portexplorer"
"URLUpdateInfo"="http://www.diamondcs.com.au/portexplorer"

4.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\&Programs\Port Explorer]
"Order"=hex:08,00,00,00,02,00,00,00,04,02,00,00,01,00,00,00,08,00,00,00,40,00,\
00,00,fb,ff,ff,ff,31,00,32,00,a5,01,00,00,09,2f,94,8b,20,00,44,69,61,6d,6f,\
6e,64,43,53,20,57,65,62,73,69,74,65,2e,6c,6e,6b,00,44,49,41,4d,4f,4e,7e,31,\
2e,4c,4e,4b,00,00,00,00,05,00,00,00,3e,00,00,00,fb,ff,ff,ff,30,00,32,00,ad,\
01,00,00,09,2f,94,8b,20,00,4f,72,64,65,72,20,46,6f,72,6d,20,28,50,44,46,29,\
2e,6c,6e,6b,00,4f,52,44,45,52,46,7e,31,2e,4c,4e,4b,00,00,00,05,00,00,00,3e,\
00,00,00,fb,ff,ff,ff,30,00,32,00,ad,01,00,00,09,2f,94,8b,20,00,4f,72,64,65,\
72,20,46,6f,72,6d,20,28,54,58,54,29,2e,6c,6e,6b,00,4f,52,44,45,52,46,7e,32,\
2e,4c,4e,4b,00,00,00,05,00,00,00,40,00,00,00,fb,ff,ff,ff,32,00,32,00,a2,01,\
00,00,09,2f,94,8b,20,00,50,6f,72,74,20,45,78,70,6c,6f,72,65,72,20,48,65,6c,\
70,2e,6c,6e,6b,00,50,4f,52,54,45,58,7e,32,2e,4c,4e,4b,00,00,00,05,00,00,00,\
44,00,00,00,fb,ff,ff,ff,35,00,32,00,b1,01,00,00,09,2f,94,8b,20,00,50,6f,72,\
74,20,45,78,70,6c,6f,72,65,72,20,57,65,62,73,69,74,65,2e,6c,6e,6b,00,50,4f,\
52,54,45,58,7e,33,2e,4c,4e,4b,00,00,00,00,05,00,00,00,3c,00,00,00,fb,ff,ff,\
ff,2d,00,32,00,b6,01,00,00,09,2f,94,8b,20,00,50,6f,72,74,20,45,78,70,6c,6f,\
72,65,72,2e,6c,6e,6b,00,50,4f,52,54,45,58,7e,31,2e,4c,4e,4b,00,00,00,00,05,\
00,00,00,44,00,00,00,fb,ff,ff,ff,36,00,32,00,aa,01,00,00,09,2f,94,8b,20,00,\
52,65,67,69,73,74,65,72,20,50,6f,72,74,20,45,78,70,6c,6f,72,65,72,2e,6c,6e,\
6b,00,52,45,47,49,53,54,7e,31,2e,4c,4e,4b,00,00,00,05,00,00,00,38,00,00,00,\
fb,ff,ff,ff,29,00,32,00,8a,01,00,00,09,2f,94,8b,20,00,55,6e,69,6e,73,74,61,\
6c,6c,2e,6c,6e,6b,00,55,4e,49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,00,00,05,00,\
00,00

That's it...
All of the keys found by Symantec regedit.
Don't know what happened to the others referred to earlier.
Tom