Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Web Nexus Network popup windows


  • Please log in to reply

#1
shivraj

shivraj

    New Member

  • Member
  • Pip
  • 1 posts
Hi there, I'm having some difficulty "eliminating" the root cause of the Web Nexus Network popup windows. I've downloaded microsoft antispyware beta 2, but it's not helping. what should i do. I also have downloaded HIzackthis for this. but i am confused what to do next to remove this malware....please help me regarding this problem

here is my Hizack log:


----------------------------------------------------------------------------------------------------
Registry Mechanic 5.0.0.144
----------------------------------------------------------------------------------------------------
Start of Scan
9/26/2005 6:42:22 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2800
MEMORY FREE: 207024
MEMORY TOTAL: 514120
VIRTUAL FREE: 2026536
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

----------------------------------------------------------------------------------------------------
Running processes: Process ID
----------------------------------------------------------------------------------------------------
[System Process] 0
System 4
smss.exe 844
csrss.exe 916
winlogon.exe 940
services.exe 984
lsass.exe 996
svchost.exe 1180
svchost.exe 1412
svchost.exe 1604
svchost.exe 1712
spoolsv.exe 1908
explorer.exe 1540
sdtray.exe 1864
hkcmd.exe 1936
ccApp.exe 1988
VPTray.exe 1996
sdlss.exe 1968
gcasServ.exe 296
gcasDtServ.exe 388
blackd.exe 420
ccSetMgr.exe 632
DefWatch.exe 456
icserv.exe 768
wake_up.exe 820
inetinfo.exe 828
mdm.exe 876
sqlservr.exe 1364
spkrmon.exe 324
Rtvscan.exe 484
wdfmgr.exe 640
ACNUpdaterSvc.exe 748
ccEvtMgr.exe 1292
blackice.exe 3060
sqlmangr.exe 3312
notepad.exe 3516
IEXPLORE.EXE 3868
nrunner.exe 3936
e_mail.exe 492
IEXPLORE.EXE 2968
notepad.exe 1684
RegMech.exe 3716
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------

CC - 1
Location: HKEY_CLASSES_ROOT\MSWC.PageCounter
Value : File_Location = C:\WINDOWS\system32\inetsrv\data\HitCnt.cnt
Parsed : C:\WINDOWS\system32\inetsrv\data\HitCnt.cnt

CC - 2
Location: HKEY_CLASSES_ROOT\.mht\OpenWithList\Microsoft Excel\shell\edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\EXCEL.EXE" /e
Parsed : C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

CC - 3
Location: HKEY_CLASSES_ROOT\.mht\OpenWithList\Microsoft Word\shell\edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

CC - 4
Location: HKEY_CLASSES_ROOT\acrobat\DefaultIcon
Value : default = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroRd32.exe
Parsed : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroRd32.exe

CC - 5
Location: HKEY_CLASSES_ROOT\AcroExch.Document.7\protocol\StdFileEditing\server
Value : default = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe"
Parsed : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

CC - 6
Location: HKEY_CLASSES_ROOT\bwpfile\Shell\open\command
Value : default = C:\Program Files\Accenture Connection\9341989\6.3.2.62-9341989L\Program\PrvCnt.exe "%1"
Parsed : C:\Program Files\Accenture Connection\9341989\6.3.2.62-9341989L\Program\PrvCnt.exe

CC - 7
Location: HKEY_CLASSES_ROOT\CLSID\{390CE9F2-C4A0-11D4-8A92-0090271D4F88}\InprocServer32
Value : default = C:\PROGRA~1\Yahoo!\MESSEN~1\ycrwin32.dll
Parsed : C:\PROGRA~1\Yahoo!\MESSEN~1\ycrwin32.dll

CC - 8
Location: HKEY_CLASSES_ROOT\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277}\InprocServer32
Value : default = C:\Program Files\Yahoo!\Messenger\asw.dll
Parsed : C:\Program Files\Yahoo!\Messenger\asw.dll

CC - 9
Location: HKEY_CLASSES_ROOT\CLSID\{8D2809ED-7622-11D0-87B2-00A0C908116C}\ToolboxBitmap32
Value : default = C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2sd.dll, 1
Parsed : C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2sd.dll

CC - 10
Location: HKEY_CLASSES_ROOT\CLSID\{CC2C83A6-9BE4-11D0-98E7-00C04FC2CAF5}\InprocServer32
Value : SystemDB = C:\Program Files\Microsoft Office\OFFICE11\1033\system.mdw
Parsed : C:\Program Files\Microsoft Office\OFFICE11\1033\system.mdw

CC - 11
Location: HKEY_CLASSES_ROOT\CLSID\{ED3CC43B-8AD9-42EF-8C2F-890EB3969D2F}\LocalServer32
Value : default = C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /IMG_WIA
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

CC - 12
Location: HKEY_CLASSES_ROOT\Connection Manager Profile\DefaultIcon
Value : default = C:\WINDOWS\System32\CMMGR32.EXE,1
Parsed : C:\WINDOWS\System32\CMMGR32.EXE

CC - 13
Location: HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open\command
Value : default = C:\WINDOWS\System32\CMMGR32.EXE "%1"
Parsed : C:\WINDOWS\System32\CMMGR32.EXE

CC - 14
Location: HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...\command
Value : default = C:\WINDOWS\System32\CMMGR32.EXE /settings "%1"
Parsed : C:\WINDOWS\System32\CMMGR32.EXE

CC - 15
Location: HKEY_CLASSES_ROOT\ppifile\DefaultIcon
Value : default = C:\WINDOWS\system32\msppcnfg.exe,1
Parsed : C:\WINDOWS\system32\msppcnfg.exe

CC - 16
Location: HKEY_CLASSES_ROOT\ppifile\shell\open\command
Value : default = C:\WINDOWS\System32\msppcnfg.exe /Config %1
Parsed : C:\WINDOWS\System32\msppcnfg.exe

CC - 17
Location: HKEY_CLASSES_ROOT\TypeLib\{3EF20BEE-3792-11D2-8540-00C04F797438}\1.0\HELPDIR
Value : default = C:\Program Files\Microsoft English Query\mseqpkg.dll\
Parsed : C:\Program Files\Microsoft English Query\mseqpkg.dll

CC - 18
Location: HKEY_CLASSES_ROOT\TypeLib\{C5C13CA8-FB24-11D1-9A0C-00C04FC22BF4}\8.0\HELPDIR
Value : default = C:\Program Files\Common Files\Microsoft Shared\EQ80\
Parsed : C:\Program Files\Common Files\Microsoft Shared\EQ80

CC - 19
Location: HKEY_CLASSES_ROOT\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}\1.0\0\win32
Value : default = C:\Program Files\Yahoo!\Messenger\ycrwin32.dll
Parsed : C:\Program Files\Yahoo!\Messenger\ycrwin32.dll

CC - 20
Location: HKEY_CLASSES_ROOT\TypeLib\{3EF20BEE-3792-11D2-8540-00C04F797438}\1.0\0\win32
Value : default = C:\Program Files\Microsoft English Query\mseqpkg.dll\2
Parsed : C:\Program Files\Microsoft English Query\mseqpkg.dll

CC - 21
Location: HKEY_CLASSES_ROOT\TypeLib\{41695A81-6414-11D4-8FB3-00D0B7730277}\1.0\0\win32
Value : default = C:\Program Files\Yahoo!\Messenger\asw.dll
Parsed : C:\Program Files\Yahoo!\Messenger\asw.dll

CC - 22
Location: HKEY_CLASSES_ROOT\TypeLib\{4BC34E13-CB52-11D2-8E93-00600893AF2D}\1.0\0\win32
Value : default = C:\Program Files\Microsoft Analysis Services\Bin\msmdpump.dll
Parsed : C:\Program Files\Microsoft Analysis Services\Bin\msmdpump.dll

CC - 23
Location: HKEY_CLASSES_ROOT\TypeLib\{581D4840-C8DF-11D1-892A-00C04FC2D0A8}\1.0\0\win32
Value : default = C:\Program Files\Microsoft English Query\mseqpkg.dll
Parsed : C:\Program Files\Microsoft English Query\mseqpkg.dll

CC - 24
Location: HKEY_CLASSES_ROOT\TypeLib\{99F76DE1-4359-11D2-8E78-00600893AF2D}\1.0\0\win32
Value : default = C:\Program Files\Microsoft Analysis Services\Bin\pcub.dll
Parsed : C:\Program Files\Microsoft Analysis Services\Bin\pcub.dll

CC - 25
Location: HKEY_CLASSES_ROOT\TypeLib\{C5C13CA8-FB24-11D1-9A0C-00C04FC22BF4}\8.0\0\win32
Value : default = C:\Program Files\Common Files\Microsoft Shared\EQ80\mseqsmf.dll
Parsed : C:\Program Files\Common Files\Microsoft Shared\EQ80\mseqsmf.dll

SL - 26
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe
Value : default = C:\WINDOWS\System32\cmmgr32.exe
Parsed : C:\WINDOWS\System32\cmmgr32.exe

SL - 27
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\None
Value : default = C:\Program Files\Broadcom\DrvInst\Broadcom Gigabit Integrated Controller
Parsed : C:\Program Files\Broadcom\DrvInst\Broadcom Gigabit Integrated Controller

SL - 28
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Value : default = C:\Program Files\WexTech\AnswerWorks\yourapp.Exe
Parsed : C:\Program Files\WexTech\AnswerWorks\yourapp.Exe

HR - 29
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help
Value : nwindcs9.cnt = C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\
Parsed : C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\nwindcs9.cnt

HR - 30
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help
Value : nwind9.hlp = C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\
Parsed : C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\nwind9.hlp

HR - 31
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help
Value : nwind9.cnt = C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\
Parsed : C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\nwind9.cnt

HR - 32
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help
Value : nwindcs9.hlp = C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\
Parsed : C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\nwindcs9.hlp

HR - 33
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help
Value : scanpst.hlp = C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\
Parsed : C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\scanpst.hlp

SP - 34
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\Program Files\Symantec\S32STAT.DLL = C:\Program Files\Symantec\S32STAT.DLL
Parsed : C:\Program Files\Symantec\S32STAT.DLL

SP - 35
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\system32\Co2c40en.dll = C:\WINDOWS\system32\Co2c40en.dll
Parsed : C:\WINDOWS\system32\Co2c40en.dll

SP - 36
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\ntwdblib.dll = C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\ntwdblib.dll
Parsed : C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\ntwdblib.dll

ARP - 37
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20610409-CA18-41A6-9E21-A93AE82EE7C5}
Value : DisplayIcon = c:\Program Files\Microsoft Visual Studio .NET 2003\setup\esetup.ico
Parsed : c:\Program Files\Microsoft Visual Studio .NET 2003\setup\esetup.ico

ARP - 38
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools\ = C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools\
Parsed : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools

ARP - 39
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Documents and Settings\profiler\Application Data\Microsoft\Installer\{35343FF7-939B-401A-87B3-FF90A5123D88}\ = C:\Documents and Settings\profiler\Application Data\Microsoft\Installer\{35343FF7-939B-401A-87B3-FF90A5123D88}\
Parsed : C:\Documents and Settings\profiler\Application Data\Microsoft\Installer\{35343FF7-939B-401A-87B3-FF90A5123D88}

ARP - 40
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Documents and Settings\profiler\Application Data\Microsoft\Installer\ = C:\Documents and Settings\profiler\Application Data\Microsoft\Installer\
Parsed : C:\Documents and Settings\profiler\Application Data\Microsoft\Installer

ARP - 41
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Program Files\Symantec\Ghost\ = C:\Program Files\Symantec\Ghost\
Parsed : C:\Program Files\Symantec\Ghost

ARP - 42
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
Parsed : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus

ARP - 43
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Program Files\Symantec_Client_Security\ = C:\Program Files\Symantec_Client_Security\
Parsed : C:\Program Files\Symantec_Client_Security

ARP - 44
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\OFFICE\ = C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\OFFICE\
Parsed : C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\OFFICE

ARP - 45
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Value : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

SC - 46
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Ghost Explorer.lnk\
Value : Shortcut = C:\WINDOWS\Installer\{99B14F53-5390-435C-0B5B-FFEC123F1088}\_E6E587EABD60_4870_8324_6CAA4B4FCEF6.exe
Parsed : C:\WINDOWS\Installer\{99B14F53-5390-435C-0B5B-FFEC123F1088}\_E6E587EABD60_4870_8324_6CAA4B4FCEF6.exe

SC - 47
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Temp Folder.lnk\
Value : Shortcut = C:\Documents and Settings\profiler\Local Settings\Temp
Parsed : C:\Documents and Settings\profiler\Local Settings\Temp

SC - 48
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer Intranet Setup.lnk\
Value : Shortcut = C:\Program Files\Real\RealPlayer\Setup\setup.exe
Parsed :

SC - 49
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk\
Value : Shortcut = C:\Program Files\Real\RealPlayer\playrlic.html
Parsed : C:\Program Files\Real\RealPlayer\playrlic.html

FX - 50
Location: HKEY_CLASSES_ROOT\.scd
Value : default = Microsoft Schedule+ Application
Parsed :

FX - 51
Location: HKEY_CLASSES_ROOT\.sch
Value : default = Microsoft Schedule+ Application
Parsed :

FX - 52
Location: HKEY_CLASSES_ROOT\.snp
Value : default = Snapshot File
Parsed :

FX - 53
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TMP\OpenWithList
Value : default = blank
Parsed :

DEEP - 54
Location: HKEY_CURRENT_USER\Software\InterTrust\DocBox
Value : ContentFolder = C:\Documents and Settings\profiler\My Documents\My eBooks
Parsed : C:\Documents and Settings\profiler\My Documents\My eBooks

DEEP - 55
Location: HKEY_CURRENT_USER\Software\InterTrust\DocBox
Value : ReceiptFolder = C:\Documents and Settings\profiler\Application Data\InterTrust\ReceiptRepository
Parsed : C:\Documents and Settings\profiler\Application Data\InterTrust\ReceiptRepository

DEEP - 56
Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Default MHTML Editor
Value : Last = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 57
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/msexcel = C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE

DEEP - 58
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/xlc = C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE

DEEP - 59
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/pot = C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE

DEEP - 60
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/pps = C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE

DEEP - 61
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/ppt = C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE

DEEP - 62
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/msword = C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE

DEEP - 63
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/rtf = C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE

DEEP - 64
Location: HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers
Value : application/x-bwpreview = C:\Program Files\Accenture Connection\9341989\6.3.2.62-9341989L\Program\PrvCnt.exe
Parsed : C:\Program Files\Accenture Connection\9341989\6.3.2.62-9341989L\Program\PrvCnt.exe

DEEP - 65
Location: HKEY_CURRENT_USER\Software\InterTrust\DocBox\Extension\.pdf
Value : ContentFolder = C:\Documents and Settings\profiler\My Documents\My eBooks
Parsed : C:\Documents and Settings\profiler\My Documents\My eBooks

DEEP - 66
Location: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
Value : Shortcut0 = C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
Parsed : C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

DEEP - 67
Location: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
Value : Shortcut1 = C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
Parsed : C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk

DEEP - 68
Location: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
Value : Shortcut2 = C:\Documents and Settings\profiler\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
Parsed : C:\Documents and Settings\profiler\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk

DEEP - 69
Location: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
Value : Shortcut3 = C:\Documents and Settings\profiler\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
Parsed : C:\Documents and Settings\profiler\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

DEEP - 70
Location: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\CreatedLinks
Value : Shortcut4 = C:\Documents and Settings\profiler\Start Menu\Programs\Windows Media Player.lnk
Parsed : C:\Documents and Settings\profiler\Start Menu\Programs\Windows Media Player.lnk

DEEP - 71
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : mda = C:\PROGRA~1\MICROS~2\Office10\MSACCESS.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\MSACCESS.EXE

DEEP - 72
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : mdb = C:\PROGRA~1\MICROS~2\Office10\MSACCESS.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\MSACCESS.EXE

DEEP - 73
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : xls = C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
Parsed : C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE

DEEP - 74
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : doc = C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE ^.doc
Parsed : C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE

DEEP - 75
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : dot = C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE ^.dot
Parsed : C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE

DEEP - 76
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Extensions
Value : rtf = C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE ^.rtf
Parsed : C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE

DEEP - 77
Location: HKEY_CURRENT_USER\Software\Microsoft\DevStudio\5.0\Addins\VisioUMLSolution.UMLVC50.1
Value : Filename = C:\Program Files\Microsoft Office\Visio10\DLL\umlvc50.dll
Parsed : C:\Program Files\Microsoft Office\Visio10\DLL\umlvc50.dll

DEEP - 78
Location: HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Addins\VisioUMLSolution.UMLVC60.1
Value : Filename = C:\Program Files\Microsoft Office\Visio10\DLL\umlvc60.dll
Parsed : C:\Program Files\Microsoft Office\Visio10\DLL\umlvc60.dll

DEEP - 79
Location: HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Visio
Value : Small Icon = C:\Program Files\Microsoft Office\Visio10\visio.exe, 0
Parsed : C:\Program Files\Microsoft Office\Visio10\visio.exe

DEEP - 80
Location: HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Visio
Value : Large Icon = C:\Program Files\Microsoft Office\Visio10\visio.exe, 1
Parsed : C:\Program Files\Microsoft Office\Visio10\visio.exe

DEEP - 81
Location: HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\7FF34353B939A104783BFF095A21D388\SourceList\Net
Value : 1 = C:\WINDOWS\TEMP\w6btemp\xml\
Parsed : C:\WINDOWS\TEMP\w6btemp\xml

DEEP - 82
Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 83
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe
Value : a = C:\Documents and Settings\shivraj.chauhan\Desktop\GoogleToolbarInstaller.exe
Parsed : C:\Documents and Settings\shivraj.chauhan\Desktop\GoogleToolbarInstaller.exe

DEEP - 84
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer
Value : MetadataTemplatesDir = C:\Program Files\Windows Media Player\Templates
Parsed : C:\Program Files\Windows Media Player\Templates

DEEP - 85
Location: HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Value : Path = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Parsed : C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

DEEP - 86
Location: HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Value : XPTPath = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
Parsed : C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt

DEEP - 87
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\SQLServerAgent
Value : ErrorLogFile = C:\Program Files\Microsoft SQL Server\MSSQL\LOG\SQLAGENT.OUT
Parsed : C:\Program Files\Microsoft SQL Server\MSSQL\LOG\SQLAGENT.OUT

DEEP - 88
Location: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\Remedy ODBC Driver
Value : Driver = C:\WINDOWS\System32\arodbc45.dll
Parsed : C:\WINDOWS\System32\arodbc45.dll

DEEP - 89
Location: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\Remedy ODBC Driver
Value : Setup = C:\WINDOWS\System32\arodbc45.dll
Parsed : C:\WINDOWS\System32\arodbc45.dll

DEEP - 90
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Staccato\SCa\CP
Value : CP_TESTTONEPATH = C:\Program Files\Analog Devices\SoundMAX\Test\TestTone.wav
Parsed : C:\Program Files\Analog Devices\SoundMAX\Test\TestTone.wav

DEEP - 91
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Staccato\SCa\CP
Value : CP_TESTMUSICPATH = C:\Program Files\Analog Devices\SoundMAX\Test\TestMusic.wav
Parsed : C:\Program Files\Analog Devices\SoundMAX\Test\TestMusic.wav

DEEP - 92
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Trymedia Systems\ActiveMARK Software\fe83d8e213611dd32aa59ca02feee658
Value : path = C:\Program Files\Yahoo! Games\Atlantis\Atlantis.exe
Parsed : C:\Program Files\Yahoo! Games\Atlantis\Atlantis.exe

DEEP - 93
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions
Value : LDVP = 4.0;C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll;1;00000011111
Parsed : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll

DEEP - 94
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions
Value : Remote Exchange Extensions = 4.0;C:\WINDOWS\System32\emsui32.dll;6;111;111;MSEMS
Parsed : C:\WINDOWS\System32\emsui32.dll

DEEP - 95
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Keyring\Parameters\AddOnServices
Value : SMTP = C:\WINDOWS\System32\inetsrv\smtpkey.dll
Parsed : C:\WINDOWS\System32\inetsrv\smtpkey.dll

DEEP - 96
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value : Shell = Explorer.exe C:\WINDOWS\Nail.exe
Parsed : C:\WINDOWS\Nail.exe

DEEP - 97
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.ivf
Value : RequiredFile = C:\WINDOWS\System32\ivfsrc.ax
Parsed : C:\WINDOWS\System32\ivfsrc.ax

DEEP - 98
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ivf
Value : RequiredFile = C:\WINDOWS\System32\ivfsrc.ax
Parsed : C:\WINDOWS\System32\ivfsrc.ax

DEEP - 99
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\7.1\Projects\{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}
Value : DesignerTemplatesDir = c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\DesignerTemplates
Parsed : c:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\DesignerTemplates

DEEP - 100
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths
Value : profiler = C:\Documents and Settings\profiler\My Documents
Parsed : C:\Documents and Settings\profiler\My Documents

DEEP - 101
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
Value : Directory = C:\WINDOWS\History
Parsed : C:\WINDOWS\History

DEEP - 102
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Migration DLLs
Value : {5945c046-1e7d-11d1-bc44-00c04fd912be} = C:\Program Files\Messenger\migrate.dll
Parsed : C:\Program Files\Messenger\migrate.dll

DEEP - 103
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 104
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\DVR-MS
Value : RequiredFile = C:\WINDOWS\System32\enable.dvd
Parsed : C:\WINDOWS\System32\enable.dvd

DEEP - 105
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\IVF
Value : RequiredFile = C:\WINDOWS\System32\ivfsrc.ax
Parsed : C:\WINDOWS\System32\ivfsrc.ax

DEEP - 106
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD
Value : RequiredFile = C:\WINDOWS\System32\enable.dvd
Parsed : C:\WINDOWS\System32\enable.dvd

DEEP - 107
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVR-MS
Value : RequiredFile = C:\WINDOWS\System32\enable.dvd
Parsed : C:\WINDOWS\System32\enable.dvd

DEEP - 108
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Migration\200
Value : Messenger Migration = C:\Program Files\Messenger\msgsmigr.dll,MsgsMigration
Parsed : C:\Program Files\Messenger\msgsmigr.dll

DEEP - 109
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgClr\7.1\NewProjectTemplates\TemplateDirs\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\/1
Value : TemplatesDir = c:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\GuiDebug\SolutionTemplates
Parsed : c:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\GuiDebug\SolutionTemplates

DEEP - 110
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDN\7.0\NewProjectTemplates\TemplateDirs\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\/1
Value : TemplatesDir = c:\Program Files\Common Files\Microsoft Shared\Help\SolutionTemplates
Parsed : c:\Program Files\Common Files\Microsoft Shared\Help\SolutionTemplates

DEEP - 111
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\MHTML\Default Editor\shell\Edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 112
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\MHTML\Default Editor\shell\Print\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /x /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 113
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
Value : default = "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde
Parsed : C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

DEEP - 114
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\DeluxeCD\Providers\Provider0000
Value : ProviderLogo = C:\WINDOWS\System32\tunes.bmp
Parsed : C:\WINDOWS\System32\tunes.bmp

DEEP - 115
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\DeluxeCD\Providers\Provider0001
Value : ProviderLogo = C:\WINDOWS\System32\n2k.bmp
Parsed : C:\WINDOWS\System32\n2k.bmp

DEEP - 116
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WebView\TemplateMacros\BACKGROUNDIMAGE
Value : default = C:\WINDOWS\Web\wvleft.bmp
Parsed : C:\WINDOWS\Web\wvleft.bmp

DEEP - 117
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WebView\TemplateMacros\LOGOLINE
Value : default = C:\WINDOWS\Web\wvline.gif
Parsed : C:\WINDOWS\Web\wvline.gif

DEEP - 118
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU
Value : CurrentCacheFile = C:\WINDOWS\SoftwareDistribution\EventCache\{272FE935-800F-4E75-A1A3-13EE5CBFDDD7}.bin
Parsed : C:\WINDOWS\SoftwareDistribution\EventCache\{272FE935-800F-4E75-A1A3-13EE5CBFDDD7}.bin

DEEP - 119
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0723095E1EB7A3F4599FB8829DE20284
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 120
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0723095E1EB7A3F4599FB8829DE20284
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 121
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18073D53762F8D645924FD48C8BACE44
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 122
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18073D53762F8D645924FD48C8BACE44
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 123
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\197986349ADD55E4791877C2F9FD1404
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 124
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E17002306209BF498A5B184A6A4CD0C
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 125
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E17002306209BF498A5B184A6A4CD0C
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 126
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E00DABFCA5E67C4881DCCA176F25C67
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 127
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E00DABFCA5E67C4881DCCA176F25C67
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 128
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316D91D98F2D37A4585D2DF5DACECF93
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 129
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316D91D98F2D37A4585D2DF5DACECF93
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 130
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37B018D38884D2043BBD8EAE6745979F
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 131
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37B018D38884D2043BBD8EAE6745979F
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 132
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3914ABCF0CE84A4498608C467AD9AB01
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 133
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3914ABCF0CE84A4498608C467AD9AB01
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 134
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B65FCFCDAFAFF843A056302829A669D
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 135
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B65FCFCDAFAFF843A056302829A669D
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 136
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFC076946D23F747BCC49D3C49DAD2B
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 137
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFC076946D23F747BCC49D3C49DAD2B
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 138
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4769CCBE90805494F9B0C1D7AD0F2F6C
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 139
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4769CCBE90805494F9B0C1D7AD0F2F6C
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 140
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E583B84DF94840B69B71B9B9691C7
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 141
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E583B84DF94840B69B71B9B9691C7
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 142
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\539D3B7957C58E141BAA69E8F67A3154
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 143
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\539D3B7957C58E141BAA69E8F67A3154
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 144
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B459F6503E1DF8468F49D2D7090B64C
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 145
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B459F6503E1DF8468F49D2D7090B64C
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 146
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\662D9B6A76F85894B95D3DA06DC598A1
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 147
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A964206D532614CAA674525C115B5A
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 148
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A964206D532614CAA674525C115B5A
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 149
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75AD138F296CAC145BAD1206F9BE78A0
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 150
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75AD138F296CAC145BAD1206F9BE78A0
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 151
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A0490666E0FE7143B0EC6D2888CCFBD
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 152
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FB2592D75D45B4DA66315552889602
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 153
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FB2592D75D45B4DA66315552889602
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 154
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86D94728C433931458979C371144AC11
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 155
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86D94728C433931458979C371144AC11
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 156
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA518D8300D4144FBF3C30A17DC0B74
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 157
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA518D8300D4144FBF3C30A17DC0B74
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 158
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96443A54E01C3634C8C278DA21B260A1
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 159
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96443A54E01C3634C8C278DA21B260A1
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 160
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9774B9786310FF74BB53C7B03CB01005
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 161
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BACD3EDDFCFE04CBEF935265E342E2
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 162
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BACD3EDDFCFE04CBEF935265E342E2
Value : 00000000000000000000000000000000 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst

DEEP - 163
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9F561C1606D4884BA82680B3B3CC15F
Value : 497CA84818B8A04418EA464733D75B72 = C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\
Parsed : C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

Edited by shivraj, 26 September 2005 - 07:36 AM.

  • 0

Advertisements


#2
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi :tazz:

You need to go HERE, and read through the instructions fully. Then post a HJT log in the malware forum where you will get help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP