Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is this spyware?

Started by cdalbon , Jan 08 2007 09:51 PM

  • Please log in to reply

#16
cdalbon
Posted 12 January 2007 - 08:26 PM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
What is my next move? :whistling:
  • 0

Advertisements

#17
loophole
Posted 13 January 2007 - 04:29 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please download SilentRunners from here:
http://www.silentrun...ent Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.
  • 0

#18
cdalbon
Posted 13 January 2007 - 08:41 AM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"none" = "C:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dell Photo AIO Printer 922" = ""C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"" [empty string]
"DLBTCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"DIGStream" = "C:\Program Files\DIGStream\digstream.exe" ["Walt Disney Internet Group"]
"DIGServices" = "C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24" ["Walt Disney Internet Group"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"coverMyTracks" = "*i" (unwritable string) [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"TraySantaCruz" = "C:\WINDOWS\system32\tbctray.exe" ["Voyetra Turtle Beach, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {HKLM...CLSID} = "TDS3_Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\tds3shl.dll" [empty string]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {HKLM...CLSID} = "TDS3_Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\tds3shl.dll" [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Default executables:
--------------------

HKCU\Software\Classes\.bat\(Default) = (value not set)

HKCU\Software\Classes\.cmd\(Default) = (value not set)

HKCU\Software\Classes\.com\(Default) = (value not set)

HKCU\Software\Classes\.exe\(Default) = (value not set)

HKCU\Software\Classes\.hta\(Default) = "htafile"


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Porsche Carrera GT.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Porsche Carrera GT.bmp"


Startup items in "Carl" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Norton AntiVirus - Run Full System Scan - Carl" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{40D41A8B-D79B-43D7-99A7-9EE0F344C385}"
-> {HKLM...CLSID} = "AIM Search"
\InProcServer32\(Default) = "C:\Program Files\AIM Toolbar\AIMBar.dll" ["America Online, Inc"]
"{C4069E3A-68F1-403E-B40E-20066696354B}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
dlbt_device, dlbt_device, "C:\WINDOWS\system32\dlbtcoms.exe -service" ["Dell"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell 922 Port\Driver = "dlbtlmpm.DLL" ["Dell"]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 178 seconds, including 5 seconds for message boxes)
  • 0

#19
loophole
Posted 15 January 2007 - 02:39 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please open Notepad, and copy/paste the code in the white box below into a new text file. Save it as "fix.reg" WITH THE QUOTES and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"none"=- 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-

after saving as instructed above, please close notepad. You will now have a file on your desktop called fix.reg. Please double click it and allow it to merge with the registry

Reboot

Let me know how the computer is running and if you can get combofix to run
  • 0

#20
cdalbon
Posted 15 January 2007 - 02:52 PM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Did as you asked. It said not allowed. It was not registry script :whistling:
Hope I am not getting to be a PITA
  • 0

#21
loophole
Posted 15 January 2007 - 03:02 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Funny that it is.

Are you familiar with working in the registry?
  • 0

#22
cdalbon
Posted 15 January 2007 - 05:02 PM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I know regedit.exe is not a good place to go if you are a neophyte. I have been there but have never removed anything. Can you guide me through it, or should I just get a clean-install? :whistling:
  • 0

#23
loophole
Posted 16 January 2007 - 06:38 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Lets go this route

Download WinPfind (By OldTimer) and unzip it to the desktop
  • Open the winpfind3u folder
  • Doubleclick the WinPFind3U.exe
  • Click the "Run scan" button (top left corner)
  • Allow it to scan (will take a few minute)
  • Notepad will open with some text Copy/paste it into this thread

  • 0

#24
cdalbon
Posted 17 January 2007 - 06:00 AM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
WinPFind3 logfile created on: 1/17/2007 6:33:06 AM
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\Carl\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

261424 Kb Total Physical Memory | 101636 Kb Available Physical Memory | 38.88% Memory free
436400 Kb Paging File | 140672 Kb Available in Paging File | 32.23% Paging File free
Paging file location(s): C:\pagefile.sys 192 384;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19518940 Kb Total Space | 9749624 Kb Free Space | 49.95% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 6/2/2005 2:54:34 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 11/21/2006 5:38:28 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 11/21/2006 5:38:28 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 11/21/2006 5:38:32 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 11/21/2006 5:38:40 PM | Attr = ]
digservices.exe -> %ProgramFiles%\ESPNRunTime\DIGServices.exe -> Walt Disney Internet Group [Ver = 1.0.0.0016 | Size = 101888 bytes | Modified Date = 10/31/2005 11:18:48 AM | Attr = ]
digstream.exe -> %ProgramFiles%\DIGStream\digstream.exe -> Walt Disney Internet Group [Ver = 2.3.1.0006 | Size = 278528 bytes | Modified Date = 10/31/2005 11:05:44 AM | Attr = ]
dlbtbmgr.exe -> %ProgramFiles%\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 2:36:00 PM | Attr = ]
dlbtbmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 922\dlbtbmon.exe -> [Ver = 1.0.15.4 | Size = 102400 bytes | Modified Date = 11/10/2004 2:59:26 PM | Attr = ]
ewidoctrl.exe -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 13888 bytes | Modified Date = 11/30/2005 4:47:52 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 12/12/2006 10:12:18 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 10/17/2006 1:44:18 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 46752 bytes | Modified Date = 10/17/2006 1:44:40 PM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/11/2005 8:53:00 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 3:03:02 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/3/2005 7:06:22 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Modified Date = 4/15/2006 10:07:00 AM | Attr = ]
tbctray.exe -> %System32%\tbctray.exe -> Voyetra Turtle Beach, Inc. [Ver = 5.12.01.4141-2929 | Size = 290816 bytes | Modified Date = 12/15/2001 7:40:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 1/12/2007 4:20:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 6/2/2005 2:54:34 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 192104 bytes | Modified Date = 11/21/2006 5:38:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 169576 bytes | Modified Date = 11/21/2006 5:38:40 PM | Attr = ]
(dlbt_device) dlbt_device [Win32_Own | On_Demand | Stopped] -> %System32%\dlbtcoms.exe -> Dell [Ver = 1.27.33.0 | Size = 421888 bytes | Modified Date = 10/25/2004 4:01:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(ewido security suite control) ewido security suite control [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 13888 bytes | Modified Date = 11/30/2005 4:47:52 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 139936 bytes | Modified Date = 10/17/2006 1:44:18 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.6.0.1 | Size = 46752 bytes | Modified Date = 10/17/2006 1:44:40 PM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 12/15/2006 1:36:28 PM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.1.4 | Size = 198416 bytes | Modified Date = 12/19/2005 7:41:56 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 3:03:02 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/3/2005 7:06:22 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Modified Date = 4/15/2006 10:07:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.13.2 | Size = 52840 bytes | Modified Date = 11/21/2006 5:38:28 PM | Attr = ]
coverMyTracks -> -> File not found
Dell Photo AIO Printer 922 -> %ProgramFiles%\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 2:36:00 PM | Attr = ]
DIGServices -> %ProgramFiles%\ESPNRunTime\DIGServices.exe -> Walt Disney Internet Group [Ver = 1.0.0.0016 | Size = 101888 bytes | Modified Date = 10/31/2005 11:18:48 AM | Attr = ]
DIGStream -> %ProgramFiles%\DIGStream\digstream.exe -> Walt Disney Internet Group [Ver = 2.3.1.0006 | Size = 278528 bytes | Modified Date = 10/31/2005 11:05:44 AM | Attr = ]
DLBTCATS -> %System32%\spool\drivers\w32x86\3\dlbttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 11/9/2004 4:41:32 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/11/2005 8:53:00 PM | Attr = ]
TraySantaCruz -> %System32%\tbctray.exe -> Voyetra Turtle Beach, Inc. [Ver = 5.12.01.4141-2929 | Size = 290816 bytes | Modified Date = 12/15/2001 7:40:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Modified Date = 8/18/2005 1:49:06 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 1:05:26 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKLM] -> %ProgramFiles%\ewido anti-malware\shellhook.dll [ewido shell guard] -> [Ver = | Size = 39488 bytes | Modified Date = 9/30/2004 7:21:56 AM | Attr = ]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8d8c2387-7f80-4022-9be6-43630a969558} [HKLM] -> Reg Data - Key not found [carbinyl] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 10/17/2006 1:44:30 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 10/17/2006 1:44:30 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 5/6/2005 1:43:22 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 10/17/2006 1:44:30 PM | Attr = ]
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8198 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8201 - Reg Data - Key not found ->
{686C970F-1D7D-4469-85D1-4B35763B56CC} -> 8195 - Reg Data - Key not found ->
{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> 8199 - Reg Data - Key not found ->
{946B3E9E-E21A-49c8-9F63-900533FAFE15} -> 8200 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8193 - Reg Data - Key not found ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -> 8194 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/11/2005 8:53:10 PM | Attr = ]
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561209 bytes | Modified Date = 5/19/2001 9:57:40 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 10/17/2006 1:44:30 PM | Attr = ]
{E8ADA3E1-CE9B-44A0-A165-997304EF4E18} [HKLM] -> %System32%\tds3shl.dll [TDS-3] -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 6/11/2003 5:05:06 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{E8ADA3E1-CE9B-44A0-A165-997304EF4E18} [HKLM] -> %System32%\tds3shl.dll [TDS-3] -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 6/11/2003 5:05:06 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 12.6.0.1 | Size = 140960 bytes | Modified Date = 10/17/2006 1:44:30 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
iebar -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{9CB051B5-B0A3-4DCE-9DDE-8DF77E670CCB} -> (D-Link DFE-550TX 10/100 Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky...can_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.micr...ActiveX/odc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://www.pandasoft.../as5/asinst.cab ->
{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -> Symantec Download Bridge - CodeBase = https://a248.e.akama...ol/SymDlBrg.cab ->
{B49C4597-8721-4789-9250-315DFBD9F525} -> IWinAmpActiveX Class - CodeBase = http://cdn.digitalci....1.11_en_dl.cab ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macr...ash/swflash.cab ->


[Files - Created Wihin 30 days]
EPERSIST.DAT -> %CommonProgramFiles%\Symantec Shared\eengine\EPERSIST.DAT -> [Ver = | Size = 48 bytes | Created Date = 1/10/2007 6:00:51 PM | Attr = ]
2007-01-16-7bdf.kc -> %CommonProgramFiles%\Symantec Shared\SPBBC\2007-01-16-7bdf.kc -> [Ver = | Size = 162360 bytes | Created Date = 1/16/2007 7:10:58 PM | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
CCERASER.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
EECTRL.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\EECTRL.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ERASER.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ERASER.GRD -> [Ver = | Size = 232 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ERASER.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ERASER.SIG -> [Ver = | Size = 2261 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ERASER.SPM -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ERASER.SPM -> [Ver = | Size = 2320 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ERASER.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ERASER.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
ESRDEF.BIN -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ESRDEF.BIN -> [Ver = | Size = 3137912 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
SYMERASE.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\SYMERASE.CAT -> [Ver = | Size = 8399 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
SYMERASE.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\SYMERASE.INF -> [Ver = | Size = 580 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TCDEFS.DAT -> [Ver = | Size = 187615 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TCSCAN7.DAT -> [Ver = | Size = 1178389 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TCSCAN8.DAT -> [Ver = | Size = 323950 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TCSCAN9.DAT -> [Ver = | Size = 729881 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\V.GRD -> [Ver = | Size = 5053 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 12/31/2006 1:52:39 PM | Attr = ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN1.DAT -> [Ver = | Size = 974588 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN2.DAT -> [Ver = | Size = 569976 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN3.DAT -> [Ver = | Size = 147296 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN5.DAT -> [Ver = | Size = 3126633 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN6.DAT -> [Ver = | Size = 390030 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN7.DAT -> [Ver = | Size = 5498638 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN8.DAT -> [Ver = | Size = 1653865 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCAN9.DAT -> [Ver = | Size = 3969026 bytes | Created Date = 12/31/2006 1:52:40 PM | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 12/31/2006 1:52:41 PM | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 1/1/2007 4:37:38 AM | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20061231.008\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 12/31/2006 1:52:41 PM | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
CCERASER.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
EECTRL.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\EECTRL.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ERASER.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ERASER.GRD -> [Ver = | Size = 232 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ERASER.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ERASER.SIG -> [Ver = | Size = 2261 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ERASER.SPM -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ERASER.SPM -> [Ver = | Size = 2320 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ERASER.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ERASER.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
ESRDEF.BIN -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ESRDEF.BIN -> [Ver = | Size = 3143103 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
SYMERASE.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\SYMERASE.CAT -> [Ver = | Size = 8399 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
SYMERASE.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\SYMERASE.INF -> [Ver = | Size = 580 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TCDEFS.DAT -> [Ver = | Size = 187698 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TCSCAN7.DAT -> [Ver = | Size = 1187984 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TCSCAN8.DAT -> [Ver = | Size = 324094 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TCSCAN9.DAT -> [Ver = | Size = 732511 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\V.GRD -> [Ver = | Size = 5053 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN1.DAT -> [Ver = | Size = 974995 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN3.DAT -> [Ver = | Size = 147332 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN5.DAT -> [Ver = | Size = 3152296 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN6.DAT -> [Ver = | Size = 390049 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN7.DAT -> [Ver = | Size = 5772658 bytes | Created Date = 1/7/2007 8:16:46 PM | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN8.DAT -> [Ver = | Size = 1657236 bytes | Created Date = 1/7/2007 8:16:47 PM | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCAN9.DAT -> [Ver = | Size = 3984235 bytes | Created Date = 1/7/2007 8:16:47 PM | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\VIRSCANT.DAT -> [Ver = | Size = 32 bytes | Created Date = 1/7/2007 8:16:48 PM | Attr = ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\vscanmsx.dat -> [Ver = | Size = 2072 bytes | Created Date = 1/8/2007 4:45:18 AM | Attr = ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070107.005\ZDONE.DAT -> [Ver = | Size = 224 bytes | Created Date = 1/7/2007 8:16:48 PM | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\CATALOG.DAT -> [Ver = | Size = 3406 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
CCERASER.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\CCERASER.DLL -> Symantec Corporation [Ver = 106.3.3.2 | Size = 2406200 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ECBOOTIL.VXD -> [Ver = | Size = 6899 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
EECTRL.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\EECTRL.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
ERASER.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ERASER.GRD -> [Ver = | Size = 232 bytes | Created Date = 1/15/2007 1:07:41 PM | Attr = ]
ERASER.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ERASER.SIG -> [Ver = | Size = 2261 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
ERASER.SPM -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ERASER.SPM -> [Ver = | Size = 2320 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
ERASER.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ERASER.SYS -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
ESRDEF.BIN -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\ESRDEF.BIN -> [Ver = | Size = 3169337 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVENG.EXP -> [Ver = | Size = 13040 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVENG.VXD -> [Ver = | Size = 89674 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVEX15.EXP -> [Ver = | Size = 13232 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVEX15.VXD -> [Ver = | Size = 994379 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\SCRAUTH.DAT -> [Ver = | Size = 97712 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\SYMAVENG.CAT -> [Ver = | Size = 9237 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\SYMAVENG.INF -> [Ver = | Size = 1061 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
SYMERASE.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\SYMERASE.CAT -> [Ver = | Size = 8399 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
SYMERASE.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\SYMERASE.INF -> [Ver = | Size = 580 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TCDEFS.DAT -> [Ver = | Size = 187929 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TCSCAN7.DAT -> [Ver = | Size = 1197333 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TCSCAN8.DAT -> [Ver = | Size = 325740 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TCSCAN9.DAT -> [Ver = | Size = 736463 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TINF.DAT -> [Ver = | Size = 453 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TINFIDX.DAT -> [Ver = | Size = 148 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TINFL.DAT -> [Ver = | Size = 1957 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TSCAN1.DAT -> [Ver = | Size = 64232 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\TSCAN1HD.DAT -> [Ver = | Size = 3072 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\V.GRD -> [Ver = | Size = 5053 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\V.SIG -> [Ver = | Size = 2269 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN.INF -> [Ver = | Size = 106244 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN1.DAT -> [Ver = | Size = 975930 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN2.DAT -> [Ver = | Size = 570042 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN3.DAT -> [Ver = | Size = 147548 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN4.DAT -> [Ver = | Size = 320186 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN5.DAT -> [Ver = | Size = 3184912 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN6.DAT -> [Ver = | Size = 390197 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN7.DAT -> [Ver = | Size = 5891958 bytes | Created Date = 1/15/2007 1:07:42 PM | Attr = ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN8.DAT -> [Ver = | Size = 1662737 bytes | Created Date = 1/15/2007 1:07:43 PM | Attr = ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\VIRSCAN9.DAT -> [Ver = | Size = 4012920 bytes | Created Date = 1/15/2007 1:07:43 PM | Attr = ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070115.019\V
  • 0

#25
cdalbon
Posted 18 January 2007 - 10:02 PM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Was that helpful :whistling:
  • 0

Advertisements

#26
loophole
Posted 20 January 2007 - 05:40 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

I'm sorry for the delay, work has been a little hectic lately

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and you will be asked if you want to reboot. Click Yes.

After the reboot, locate the latest .log file in the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log) and post that back here.


Tell me the problems with the PC at the moment
  • 0

#27
cdalbon
Posted 20 January 2007 - 09:23 AM

cdalbon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
[Registry - Non-Microsoft Only]
Registry value deletion failed for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none .
Registry value deletion failed for HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools .
< End of log >
Created on 01/20/2007 08:06:46
This is the only report I got. I then -on my own- went to IE and it said IE was running without add ons.
I went into tools and put everything back to default settings. Reloaded IE 7 thinking that maybe what was in there would be forced out. No such luck, upon rebooting and trying to change my start up page, it still forces MSN to appear and disregards the apply command. The funny thing is that when I use the Mozilla browser I can do everything. :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP