Computer Hope

Software => Computer viruses and spyware => Topic started by: tina1rules on August 07, 2008, 01:21:54 AM

Title: Registry....
Post by: tina1rules on August 07, 2008, 01:21:54 AM

Okay so I truly believe after following many many steps countless times that something is in my registry(I think i have some half installed software in there actually). AVG found a restry error and I was researching it moving along nicely. So I wondered about a program designed for that,on your sites suggestions there was 3 links I chose the Glary Utility. I ran the restry cleaner and the results are 622! 622? really.
I haven't cleaned anything or fix'd anything. So what do you think I should do now? seriously I am like wow.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 01:24:09 AM

Registry tools are dangerous, and that's an understatement.

What is it you are actually trying to do?

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 01:30:39 AM

Its a long story. But I think I have a restry key left in there from an old virus. On top of that I was removing some programs one day and I think I half installed or something.
My computer can not be pinged as if I have a firewall up which I do not.

So i was trying to see if I had traces of Norton or Comondo or something left in there blocking things.

And it is saying I have over 600 restry errors,it doesn't sound right to me.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 01:36:52 AM

Quote from: tina1rules on August 07, 2008, 01:30:39 AM

And it is saying I have over 600 restry errors,it doesn't sound right to me.

Glary Utilities is good software but in my opinion way too aggressive in what it removes. Too many times I have see where it was ran, all items fixed, then the computer wouldn't boot to Windows. You should uninstall it.

Can you do a System Restore to before this problem with pinging started happening and then let me suggest some better ways of dealing with the virus, and uninstalling whatever it is you need uninstalled?

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 01:45:16 AM

Restore won't go back that far. I had systen restore off then or something. Its been awhile. I am a persistant person. I try and figure it out for awhile then stop. I usually get re-install windows as a reply but I find it more intertaining to figure it out. So I would say I am ready for your suggestions.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 01:50:12 AM

Can you access the Internet or are you unable to connect on the PC?

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 10:05:17 AM

That to me is the hilarious part. I can connect to the internet I can surf all that. I can't do things like play WoW if I wanted to(which I don't) or Poker Stars.I get cannot connect to server.  So this also means my AVG or super anti-spy can't get updates. Also I have Internet Explorer,XP sp2,so when I click tols and diagnose problems,it basically tells me I am not connected to the internet,that i can use another computer to go to microsoft . com  ::)


I have ran firewall testers and it tells me its working 100%,but my wndows one is OFF,and I have uninstalled other programs that I thought had firewalls. This computer had Norten on it and Mcafee at one point.

During another whats wrong with my computer mission I had Comondoand AVAST I have uninstalled it too.

Also when I go into Safemode I can Play poker stars and I can download updates for AVG ect.,however I can't access yahoo games,specifically Spelldown :(

So this time when I ran AVG i did get two results and they were registry items.,hence my curiosity as too if my registry is screwd somewhere.

So I googled those two results one result is telling me to remove a certain registry key,the other seems to be just a sensitive find.

I am running scans again and will post logs when you want them.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 10:07:54 AM

Post the logs whenever you are ready.

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 11:47:52 AM

Still waiting on scans. However I just thought of something I restored my computer once to factory settings,and I did back-up everything. So If I can't figure out this problem I am having,Can I restore the back-up easily.

still waiting on scans to finish will post logs shortly.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 11:48:36 AM

Yes the backup will work.

Do you have your install CD?

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 12:14:19 PM

Yes I do,however if I lose the files on media player I fear I will be yelled at til my head explodes.

and I have never done uch a pocess with a disk so I am a tad intimidated.

I have two of the 3 logs the sticky says to post. I can't figure out where the log is on SuperAnti SPY though.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 12:16:28 PM

Open SAS and click on Preferences.
Now click the Statistics/Logs tab.
You will find the log in there.

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 12:20:36 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:19 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.87.141.73:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\sotohuf.dll,TurnOn2
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201728035968
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\PROGRA~1\Symantec\isPwdSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2008 at 02:06 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type       : Complete Scan
Total Scan Time : 02:16:57

Memory items scanned      : 457
Memory threats detected   : 0
Registry items scanned    : 5650
Registry threats detected : 0
File items scanned        : 56674
File threats detected     : 4

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt



Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 175324
Time elapsed: 1 hour(s), 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 12:33:22 PM

Go to My Computer->Tools->Folder Options->View tab:

• Under the Hidden files and folders heading:
• Select Show hidden files and folders.
  
• Uncheck Hide protected operating system files (recommended) option.
  
• Also, make sure there is no checkmark beside Hide file extensions for known file types.
  
• Click OK

.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.87.141.73:80
• O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
• O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\sotohuf.dll,TurnOn2

.
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Now locate and delete this file.

C:\WINDOWS\system32\sotohuf.dll

Restart the computer and let me know how things are now.

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 01:26:55 PM

Okay I did the hijack this part. I don't know how to find the file sotohuff,I did a search files but it didn't show up.

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 01:28:37 PM

Let's do this.

Download Combofix by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
 Link #2 (http://subs.geekstogo.com/ComboFix.exe)

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click  this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
 
When finished ComboFix will produce a log for you.Post that log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 01:50:35 PM

ok what did I do wrong..it is saying I cannot rename combo fix

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 01:58:22 PM

Have you already ran or have downloaded ComboFix?

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 02:00:31 PM

I have AVG.


When I clicked the link iseen the term URLSEEK or something to that effect,I have seen that on my computer a couple times dodnn't know what is though.
And I have never heard of Combo Fix...so No

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 02:13:22 PM

What does it say exactly?

When you download it try renaming it before you save it to the Desktop. Name it Combo-Fix then try to save it.

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 06:49:44 PM

ComboFix 08-08-07.01 - Owner 2008-08-07 18:33:02.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-07-07 to 2008-08-07  )))))))))))))))))))))))))))))))
.

2008-08-07 03:12 . 2008-08-07 03:12   <DIR>   d--------   C:\Program Files\Glary Utilities
2008-07-28 09:55 . 2008-07-28 09:55   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-07-28 01:10 . 2008-07-28 12:07   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-07-28 00:55 . 2008-07-28 00:55   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-28 00:55 . 2008-08-02 09:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-28 00:55 . 2008-07-28 00:55   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-28 00:55 . 2008-07-28 00:55   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-28 00:55 . 2008-07-28 00:55   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Program Files\AVG
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 00:20 . 2008-07-28 00:20   <DIR>   d--------   C:\Documents and Settings\Super\Application Data\VersionTracker Pro
2008-07-25 18:02 . 2008-07-25 18:02   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2008-07-25 17:57 . 2008-07-25 17:57   <DIR>   d--------   C:\Program Files\TechTracker
2008-07-25 17:50 . 2008-07-25 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a--c---   C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a--c---   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-13 21:45 . 2008-07-13 21:47   <DIR>   d--------   C:\Program Files\Dofus

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:16   ---------   d-----w   C:\Program Files\PokerStars
2008-08-07 18:21   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-08-07 15:47   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 15:47   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 06:13   ---------   d-----w   C:\Program Files\PopsMedia
2008-07-28 04:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-25 21:49   ---------   d-----w   C:\Program Files\Yahoo!
2008-07-25 21:49   ---------   d-----w   C:\Program Files\DivX
2008-07-02 03:52   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-02 03:51   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\TrueSwitch
2008-07-02 01:27   ---------   d-----w   C:\Program Files\Java
2008-06-25 00:47   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-25 00:47   ---------   d-----w   C:\Program Files\AIM6
2008-06-24 01:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 01:25   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-06-11 00:04   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-05-09 01:19   1,752   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-02-05 04:38   40   ----a-w   C:\Documents and Settings\Owner\language.dat
2007-10-06 14:08   8,088   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2007-05-18 20:17   300,680   ------w   C:\Documents and Settings\All Users\Application Data\arclib.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 20:42 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 10:00 38128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 08:09 139264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-18 11:49 98304]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 00:55 1232152]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-05-18 11:48:11 2168360]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-25 17:57:35 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"YPCService"=3 (0x3)
"VETMSGNT"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"CAISafe"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

Title: Re: Registry....
Post by: tina1rules on August 07, 2008, 06:51:18 PM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 00:55]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 00:55]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 00:55]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 00:55]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2007-05-18 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0akcqlp.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:37:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 18:43:38
ComboFix-quarantined-files.txt  2008-08-07 22:43:34
ComboFix2.txt  2008-08-07 20:44:23

Pre-Run: 72,366,936,064 bytes free
Post-Run: 72,362,270,720 bytes free

184   --- E O F ---   2008-02-14 08:56:49
 ComboFix 08-08-07.01 - Owner 2008-08-07 18:33:02.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-07-07 to 2008-08-07  )))))))))))))))))))))))))))))))
.

2008-08-07 03:12 . 2008-08-07 03:12   <DIR>   d--------   C:\Program Files\Glary Utilities
2008-07-28 09:55 . 2008-07-28 09:55   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-07-28 01:10 . 2008-07-28 12:07   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-07-28 00:55 . 2008-07-28 00:55   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-28 00:55 . 2008-08-02 09:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-28 00:55 . 2008-07-28 00:55   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-28 00:55 . 2008-07-28 00:55   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-28 00:55 . 2008-07-28 00:55   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Program Files\AVG
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 00:20 . 2008-07-28 00:20   <DIR>   d--------   C:\Documents and Settings\Super\Application Data\VersionTracker Pro
2008-07-25 18:02 . 2008-07-25 18:02   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2008-07-25 17:57 . 2008-07-25 17:57   <DIR>   d--------   C:\Program Files\TechTracker
2008-07-25 17:50 . 2008-07-25 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a--c---   C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a--c---   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-13 21:45 . 2008-07-13 21:47   <DIR>   d--------   C:\Program Files\Dofus

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:16   ---------   d-----w   C:\Program Files\PokerStars
2008-08-07 18:21   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-08-07 15:47   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 15:47   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 06:13   ---------   d-----w   C:\Program Files\PopsMedia
2008-07-28 04:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-25 21:49   ---------   d-----w   C:\Program Files\Yahoo!
2008-07-25 21:49   ---------   d-----w   C:\Program Files\DivX
2008-07-02 03:52   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-02 03:51   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\TrueSwitch
2008-07-02 01:27   ---------   d-----w   C:\Program Files\Java
2008-06-25 00:47   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-25 00:47   ---------   d-----w   C:\Program Files\AIM6
2008-06-24 01:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 01:25   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-06-11 00:04   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-05-09 01:19   1,752   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-02-05 04:38   40   ----a-w   C:\Documents and Settings\Owner\language.dat
2007-10-06 14:08   8,088   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2007-05-18 20:17   300,680   ------w   C:\Documents and Settings\All Users\Application Data\arclib.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 20:42 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 10:00 38128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 08:09 139264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-18 11:49 98304]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 00:55 1232152]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-05-18 11:48:11 2168360]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-25 17:57:35 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"YPCService"=3 (0x3)
"VETMSGNT"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"CAISafe"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 00:55]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 00:55]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 00:55]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 00:55]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2007-05-18 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0akcqlp.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:37:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 18:43:38
ComboFix-quarantined-files.txt  2008-08-07 22:43:34
ComboFix2.txt  2008-08-07 20:44:23

Pre-Run: 72,366,936,064 bytes free
Post-Run: 72,362,270,720 bytes free

184   --- E O F ---   2008-02-14 08:56:49

Title: Re: Registry....
Post by: evilfantasy on August 07, 2008, 07:00:02 PM

Looks OK.

Delete ComboFix. It is a powerful tool and not needed for everyday use as it can easily destroy a system if not treated with care.

Please delete this file

C:\Documents and Settings\Owner\My Documents\ComboFix.exe

----------

place the XP CD in the CD drive.

Follow the instructions below:

• Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
  • Let this run undisturbed until the window with the blue  progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

If you want to see what was replaced, right-click My Computer and click on Manage.
In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

How is everything now?

Title: Re: Registry....
Post by: tina1rules on August 15, 2008, 02:36:09 PM

ok I have a question. I can't find my xp disk,but I do have a windows xp office disk
Can I use this to do the process above,and should I go back and hide my folders that I unhid on page one?

Title: Re: Registry....
Post by: evilfantasy on August 15, 2008, 02:41:24 PM

Yes rehide your folders. No the office disk won't work. Do you have a friend that has an XP disk? It would have to b ethe same as you have either XP Home or Pro.

Title: Re: Registry....
Post by: tina1rules on August 15, 2008, 03:09:31 PM

I am sure I do have to make some calls now lol

and thank you for helping me.

Title: Re: Registry....
Post by: evilfantasy on August 15, 2008, 03:19:05 PM

No problem.

Title: Re: Registry....
Post by: tina1rules on August 15, 2008, 09:12:54 PM

okay so I can't get a disk at the moment but I will.
I notied I didn't answer one of your questions and  actually mi stated something. I think I actually UNINSTALLED a program incorectly. I got some stupid updates a long time ago....installed they were retarded so I wanted to uninstall it. It happened to be a Norten program. I notce I still have Smnatec in the HJT log. How in the world do you get symnatec out of my computer? So I was ntil I get a disk if someone can help get any symatec or Mcafee(if you see any) off my puter. Thanks

Title: Re: Registry....
Post by: evilfantasy on August 15, 2008, 10:29:55 PM

Norton Removal Tool (SymNRT) (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1)

McAfee Consumer Product Removal Tool (http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html)

Title: Re: Registry....
Post by: tina1rules on August 15, 2008, 11:47:03 PM

If my computer had a face at the moment I would punch it,grrr.Niether pages will work. The Norten one goes to he page where it says sending you Nortenexe,then after a few secs I get a cannot display page.

And I think the Mcafee one is working now,but it seems to be frozen...

Title: Re: Registry....
Post by: evilfantasy on August 15, 2008, 11:50:11 PM

Alternate pages.

McAfee - http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033

Norton - http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 12:06:00 AM

MCAfee worked.
I still can't seem to get the download for the Norten,*sigh*

This comp had the 2006 one on it,then the ISP added it I think that may be the one I half uninstalled who knows but yeah I am gonna keep trying to get one of the two downloads to work. I think I have used the last link before though. I KNOW I have used a Norten removal tool before and i think it was the alternative link...

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 12:09:01 AM

Have you tried restarting the computer and then downloading it?

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 12:14:37 AM

Yeah after the Mcafee one completed it restarted. I used CCleaner also in case my history or w\\e was doing something. Its weird I can surf the net without any problems usually. I think Norten hates me for trying to uninstall it lol
I don't get the can't explore page until I am waiting for the download page on both sites..

And I am really mad that I hid my xp disk so I wouldn't lose it, to not being able to find it once again ha ha

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 12:34:13 AM

Download Registry Search (http://www.bleepingcomputer.com/files/regsearch.php)
(see the link titled RegSearch Download Link)

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• Enter Norton in the top area of the form and then click "OK".
  
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
• Save the Notepad file and do the next search.

.

Now do a search for Symantec

Post both logs in the next reply.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 12:46:58 AM

I don't think I did it right,I clicked save and put it to desktop and when I click it 3 folders are inside...History.txt,Options.txt and regsearch.exe

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 12:48:03 AM

Doubleclick regsearch.exe to start the program.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:03:37 AM

first log searched for noton

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 8/16/2008 2:57:29 AM for strings:
;  'norton'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\164AFE3E38BEB3C4C974C2D1850A5155]
"ProductName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\41858184422AA74418AD17DB0285E0B1]
"ProductName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\61DC2AA5F6073f14785CB2A530F1B2B3]
"ProductName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9399EE5EF9522ED40832C5941EA6F434]
"ProductName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CBA921A9A35A90242AE15DEDFD7BCC8A]
"ProductName"="Norton Protection Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E89B44E32BC3573469CA0FD41B885674]
"00000000000000000000000000000000"="C:\\PROGRA~1\\Symantec\\Norton AntiVirus\\rcOffcAV.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\164AFE3E38BEB3C4C974C2D1850A5155\InstallProperties]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\41858184422AA74418AD17DB0285E0B1\InstallProperties]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61DC2AA5F6073f14785CB2A530F1B2B3\InstallProperties]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9399EE5EF9522ED40832C5941EA6F434\InstallProperties]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CBA921A9A35A90242AE15DEDFD7BCC8A\InstallProperties]
"DisplayName"="Norton Protection Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48185814-A224-447A-81DA-71BD20580E1B}]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}]
"DisplayName"="Norton Protection Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E5EE9939-259F-4DE2-8023-5C49E16A4F43}]
"DisplayName"="Norton Internet Security"

[HKEY_LOCAL_MACHINE\SOFTWARE\SymDebug\SPA]
"LogFile"="C:\\WINDOWS\\TEMP\\Norton_SPALOG_12_18_2007_44277421.txt"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Norton Security Online]

; End Of The Log...

umm how to i put an attachment? trhe second log is quite large.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 01:07:58 AM

Upload the file to Savefile.com (http://savefile.com/upload.phpSelect/)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:17:15 AM

your security settings do not allow websites to use Activex controls installed on your computer. This page may not be displayed correctly.

So I see no browse I see :Sorry, the file you are requesting was not found.
Probably it was deleted by administrator or file owner.
and an Upload button.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 01:18:38 AM

Copy it into 2 or 3 posts here. Use as many posts as you need to get it all in.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:22:31 AM

00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 8/16/2008 3:00:12 AM for strings:
;  'symantec'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E39D1C81-7E76-4d84-9F25-E2CC76EC050B}]
"LocalService"="Symantec Core LC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01745A4F-9372-4C50-943C-A43E9CB78505}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\cfLUCbk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01745A4F-9372-4C50-943C-A43E9CB78505}\ProgID]
@="Symantec.LUCallback.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01745A4F-9372-4C50-943C-A43E9CB78505}\VersionIndependentProgID]
@="Symantec.LUCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\ProgID]
@="Symantec.SymNeti.SymNetiProviderProxy.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiProviderProxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1CDAA7-9F9E-4BD2-A9A8-46E6F9082ED2}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAEngn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{117891BF-AE4C-4E57-959E-0E0CA7A71E48}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{117891BF-AE4C-4E57-959E-0E0CA7A71E48}\ToolboxBitmap32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll, 104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleMa nager.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleMa nager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.EventMan ager.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.EventMan ager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E615E2C-1182-4AD4-B418-0F965533C7AA}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCAbt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EA5E43F-0449-4CD8-9947-4EFAE455A4E8}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60C70E11-2B08-4798-B366-C8450CDA7B1A}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62FAA135-84EB-4225-B2D5-707DDB884B51}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62FAA135-84EB-4225-B2D5-707DDB884B51}\ToolboxBitmap32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\ProgID]
@="Symantec.SymNeti.SubscriberProxy.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiSubscriberProxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppMgr32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\ProgID]
@="Symantec.AppCoreControl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\VersionIndependentProgID]
@="Symantec.AppCoreControl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B}\InprocServer32]
@="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Symantec\\SyKnAppS\\SyKnAppS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8561D729-26CD-4F1C-9885-2BACD360E942}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAMngr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{891FC164-6BD4-4C84-8B3E-7FA1D17BF465}\LocalServer32]
@="\"C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\comHost.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\ProgID]
@="Symantec.CommonClient.ccSetMgr.Settings Service.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetMgr.Settings Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90169F18-5957-4E7F-908A-D8FA3567C4D9}\InProcServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAMngrPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98255521-6C76-4414-966D-7A951BDE4614}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\Options\\CLTWrap2.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98255521-6C76-4414-966D-7A951BDE4614}\ProgID]
@="Symantec.CLTWrap2.CLTDataProvider.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98255521-6C76-4414-966D-7A951BDE4614}\VersionIndependentProgID]
@="Symantec.CLTWrap2.CLTDataProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A60EC303-E8A0-41D7-8ED2-6B14B7AF1A08}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCAbt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6BCDF39-8909-45B1-B614-1231B027E78F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E77B9C-8FBF-4AA7-B72C-54063A86B6FC}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCAbt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4CBA79-C223-43FC-B4CB-35AE95514FE6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4CBA79-C223-43FC-B4CB-35AE95514FE6}\ToolboxBitmap32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6A93DBA-E8F0-4396-8D8C-D904ACDF428F}\InProcServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAScanPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManag er.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManag er"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9A87C58-9683-4644-80BC-90D8462CE326}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\ProgID]
@="Symantec.CommonClient.ccProSub.Subscrib erProxy.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.Subscrib erProxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D969F2CE-CC93-4983-8693-C08B05DE88FE}\InProcServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAEngnPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\ProgID]
@="Symantec.CommonClient.ccSetEvt.Settings ChangeEvent.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetEvt.Settings ChangeEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InProcServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppMgr32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\ProgID]
@="Symantec.CommonClient.ccProSub.Provider Proxy.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.Provider Proxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE838C55-4248-4DCC-A88D-202C42623035}\InProcServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\14E7752989672F94F9FB82201D2679A0\SourceList]
; Contents of value:
;   n;1;C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt317\
"LastUsedSource"=hex(2):6e,00,3b,00,31,00,3b,00,43,00,3a,00,5c,00,44,00,4f,00,\
  43,00,55,00,4d,00,45,00,7e,00,31,00,5c,00,41,00,4c,00,4c,00,55,00,53,00,45,\
  00,7e,00,31,00,5c,00,41,00,50,00,50,00,4c,00,49,00,43,00,7e,00,31,00,5c,00,\
  53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,4c,00,49,00,56,00,45,\
  00,55,00,50,00,7e,00,31,00,5c,00,44,00,4f,00,57,00,4e,00,4c,00,4f,00,7e,00,\
  31,00,5c,00,55,00,70,00,64,00,74,00,33,00,31,00,37,00,5c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\14E7752989672F94F9FB82201D2679A0\SourceList\Net]
; Contents of value:
;   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt317\
"1"=hex(2):43,00,3a,00,5c,00,44,00,4f,00,43,00,55,00,4d,00,45,00,7e,00,31,00,\
  5c,00,41,00,4c,00,4c,00,55,00,53,00,45,00,7e,00,31,00,5c,00,41,00,50,00,50,\
  00,4c,00,49,00,43,00,7e,00,31,00,5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,\
  65,00,63,00,5c,00,4c,00,49,00,56,00,45,00,55,00,50,00,7e,00,31,00,5c,00,44,\
  00,4f,00,57,00,4e,00,4c,00,4f,00,7e,00,31,00,5c,00,55,00,70,00,64,00,74,00,\
  33,00,31,00,37,00,5c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E15F5F6-D369-47db-BE42-B61270883572}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CfgWiz.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E15F5F6-D369-47db-BE42-B61270883572}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0]
@="Symantec Core LC Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{69F6EF22-AF43-456C-9E35-3D74FCA8291B}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\fwEvent.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{69F6EF22-AF43-456C-9E35-3D74FCA8291B}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\fwEvent.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72F541D9-2BC5-4008-B472-3397E21F8651}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\Options\\CLTWrap2.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72F541D9-2BC5-4008-B472-3397E21F8651}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\Options\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D7B7DB1-15A9-442D-A36F-A5A6482C4CC6}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\cfLUCbk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D7B7DB1-15A9-442D-A36F-A5A6482C4CC6}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2E3EE3F-31DD-4FBA-828B-9F39D7B7DB4B}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2E3EE3F-31DD-4FBA-828B-9F39D7B7DB4B}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AAE21EBE-9C71-4A59-B6E3-01CE433B0F29}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\ISLAlert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AAE21EBE-9C71-4A59-B6E3-01CE433B0F29}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B14921F5-FF0A-45C3-BC7E-0E598170D270}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\NisCfgWz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B14921F5-FF0A-45C3-BC7E-0E598170D270}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB491B25-6E24-4C5A-8A12-D5B543205DBF}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB491B25-6E24-4C5A-8A12-D5B543205DBF}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A}\0.0\0\win32]
@="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Symantec\\SyKnAppS\\SyKnAppS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DFB23FF7-0DFA-457b-9450-EC75C8948C1E}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\isPwd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DFB23FF7-0DFA-457b-9450-EC75C8948C1E}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
"PATH"="C:\\Program Files\\Common Files\\Symantec Shared\\;"
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MCUI32.exe]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\MCUI32.exe"
"Path"="C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\;C:\\Program Files\\Common Files\\Symantec Shared\\;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\uiStub.exe]
"Path"="C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\Temp\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\MSL\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\IDS\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\IDS\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\Temp\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\Firewall\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\Options\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\"=""
"C:\\Program Files\\Common Files\\Symantec Shared\\COH\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\QBackup\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Freezer\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\LiveUpdate\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Updates\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\"=""
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"="1"

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:26:08 AM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\004C36741AEE44B488D180BEF3F6FA66]
"5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppPlg32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00FEDD6F9E681CD45A971784F2F5C33C]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\readme.txt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\019654FC41AD84A42BAB6AB6C6997840]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCUW.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0232F4F056492164797F8C5B0B1B2578]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\SAM.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02963CCCAFEE30847AE42DDB3EEDFE74]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCWSCR2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03A9FC3E3E95C0740A521901F8767CB1]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03C12E5BC49CE5841BB6DF27C3A5496D]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03FE058C68C13F949B357E5FD3543A60]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0424D70226BEDC242A6B519AB67A3C7B]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\VAUI.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04DEDDA6511C8C847B6D9188421615B3]
"41858184422AA74418AD17DB0285E0B1"="02:\\SOFTWARE\\Symantec\\CCPD\\CUW\\Modules\\{1717D63D-0995-4120-8DE7-0051ED05D378}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04EE369DEB4A7D8468D9FA383FD49A64]
"61DC2AA5F6073f14785CB2A530F1B2B3"="02:\\Software\\Symantec\\CCPD\\SuiteOwners\\{BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840}\\ImplementedCategories\\{9AE3E39A-ACA8-45d0-9A03-35EAC2C52EAB}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\057C1291E3AF4DC49804EAE83FB848B5]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\osCheck.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075603C1A0A349649BF01150129CC6A5]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
"41858184422AA74418AD17DB0285E0B1"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07C5353B8B88CF841931E223A8F6FE1A]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08BD09D4CDC879A4F8782F45101CACCA]
"5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppSvc32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08EF0601A5A954D428154BFBCD054D5A]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\ISDataSv.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0919F779039492B4EBCBA4FE4D5FE167]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\PEPEvnt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\095A7E9480E2B75429BD44D554D067EE]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_IA.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\099321B84C2C2BB41851CA389FB70165]
"14E7752989672F94F9FB82201D2679A0"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Snd.spm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A778CF14065B88429721957612B5194]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_007.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B8AC16EE828F9045B85E4834AC823F7]
"41858184422AA74418AD17DB0285E0B1"="02:\\SOFTWARE\\Symantec\\Consumer Security Service\\SSAutoRN\\SKU\\{BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0BA54A281EFF56F4C9A11DF6295073D2]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SPLVPlug.spm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C389EE5A5F174545BCA501441CE623E]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SMNLnch.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C8F566CEA001F943A1DEEF074599FDF]
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\SMNLnch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D2F0FCBB4AA60B4A8DE10C8A30A70A9]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NIS_007.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D9A455C5514F5C4D97127B0DCF7D7F0]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\LU_Sub.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DE0D10EE51026D46A5FD6C960B32DC7]
"F525BD4F689A94249BB8248A602615AC"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E78EB76F5E8848498F2D6CAD211E3E1]
"F525BD4F689A94249BB8248A602615AC"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Updates\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FA6288E0D72A7548BF5588B8FDBBAE0]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymSubWz.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\101B4A5A93E58214E90CFEB7952382F0]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\Msg_Cntr.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10329A7AB213B0B4C90B545B39627A0F]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\ShrdRent.spm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10443376D000D0B46BDAD12E6D2EFBE9]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\ewoc.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11C0B9C3F384D374D80B5C4DE48D07F7]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\RuleUI.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\126A4A0DD2C5B994F9171B66877DDF1D]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\ISFWReg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12A05DBB74D0EA94E9187CB7C7493E77]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\npcWmiCl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\SymTheme.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\SymTheme.dll"

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:27:32 AM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1354F2F01210C24408EB6988F4406D20]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\ISDataCl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13A7679611FA9da4F8C3696EF12AE5A0]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymOSRes.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\145FDFDEEDAD7D54ABEDAB4C231A0972]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWRulMtn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6AE69D474F3F4CA40C97240884521]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16808795F439F7E488DF599DE0F71CC7]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\Temp\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16C5C1911ECFCE4489B8FE21429C2299]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isRes.grd"
"9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isRes.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1924EED7326AA2F4BBB5536E0E4567A0]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAMngrPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19513656DD80D3F42BF0CB440281D136]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCPLUG2.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1992CF21290F3ED46A5BFA64916A4E2C]
"14E7752989672F94F9FB82201D2679A0"="C?\\Program Files\\Common Files\\Symantec Shared\\IDS\\IdsInst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19E2A33BE39764B41A3FA6A811E2430A]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWCmpCtl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19F7FFD7AA0BCEF42AE720006E45EDD8]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NIS_feat.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A951DB9A1F3F844A9148B18B292825F]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\SUBRES.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B070EE9DD504674082E7B2A08283353]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Symcuw.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D2A21950EF961E4A85E3B1FC298A50E]
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F3633DEEE6A4064CB2B744F3977B740]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isPwdSvc.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F75BC56AB473534B90EF534B9A60EEE]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\faq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20383D4B10B0E3346A8BD698FE0B295D]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\SNLog.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20F90FDA7EC33F14F98BE0D0DC4AA7B9]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\uiCFReg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21899B53A29020442BA85BF8D72752FC]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\IDS.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\228E90068313311439F6C353F09FEF37]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\EULA.txt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23227B2A7565F7C488801DD83F18F19B]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\CLTWrap.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\238E6F0B5CC52D54882A568ED8B660E7]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYMstart.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E1EB6055C5D4940ACAB79E58F6A534]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\comHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2712E50029C439E43A1A472E5234997D]
"9399EE5EF9522ED40832C5941EA6F434"="02:\\SOFTWARE\\Symantec\\CCPD\\SuiteOwners\\{F073BDC9-0D67-4ff0-879E-27241C843828}\\Children\\{0D7956A2-5A08-4ec2-A72C-DF8495A66016}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28DBA66371D20A4418CF39675BFBEE40]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\IMCfg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A0FE241FFEFFF842A931A326E5E9A8D]
"5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppReg32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8A8BE9137FE0240B18BE65BCFA2172]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWCfg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccInst.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccInst.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FBD12C6E1C36EB47898A6183376494E]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\ISSvc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3024198938D653B4795B63A8E996F73D]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\CfgWiz.spm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3035C23AD68FA3942A5596F63D6CD691]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\cltBTPgS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32B553F205EFF944F83828B31AA17818]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\options.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\333D0370E776E1B449C9DDFB1103A97B]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\npcWmiMn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33DC2D2C146CECD4D83C5660FC330EAE]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCAbt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33E62D4972BE6C840ADB2110FA96CC23]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\isUAC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\353148F2ADB2C7348B654607D44BA4BF]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\cfLUCbk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\rcAlert.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\rcAlert.dll"

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:28:26 AM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35E8816258E7F8F46A1927A9A4D6DD3A]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\PgmCtl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\364780A28F89D24489D4CFA643B4A9BC]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NIS_task.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3696CB9C1614D3C4EA196945CA36BB05]
"41858184422AA74418AD17DB0285E0B1"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymLTCOM.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\377CF6FF5358F5B44BA497E3649BFC56]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isPwd.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37ED516465EECD34EA2C3CEB0FFB164D]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\FWInst.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B314258F30DC584B92A830C21D2423C]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\Options\\VTCache.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C9A2AED576F5544193A0C5A8DC65BE7]
"14E7752989672F94F9FB82201D2679A0"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Snd.sig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA427B765143CE49AE374435FA9E363]
"9399EE5EF9522ED40832C5941EA6F434"="C:\\Program Files\\Common Files\\Symantec Shared\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E5C13AD56B2A9B4B960D63E452F2D41]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\ISCFReg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E81A4DC21026924FB5FAF933085D236]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F917311821E3DB48A144FEB0ADD1B94]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\V_AutoLU.chm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40C594422C6BD8D4EAD0C54BB9EFD7AD]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SymTheme.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4195C25231CD14247835E2AA5BC26860]
"F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\AVMail.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41F868EB9D0DFAD4E8BC09795F5451DC]
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\432B6ED242778674495701239816F173]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_FD.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43BE7E834BB89F74EA8045BE46CCB3F5]
"14E7752989672F94F9FB82201D2679A0"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Snd.grd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441567AAA28618C46A8BACAAC9BD2047]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ecmldr32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4431A66BEDB7B38498C83E53F1C66F4E]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CUWShr.Loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44A8A43282E88BC4B9CB4C2968054C27]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\452F176D393D2E842B78F854DF5D9D56]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4548528DFF5CC7144B23C22800826D59]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VAMngr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4592EA26606A3594B976FD94299047B9]
"CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\uiStub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45ECC17136830F040BF82A2CFE8CF687]
"F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\COH\\AHS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46B36A6ED9CF5754394713E70277AA69]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\PROGRA~1\\Symantec\\SetEvtHp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4736E56368C60AB449D90AF7BFB0F0C8]
"41858184422AA74418AD17DB0285E0B1"="C:\\PROGRA~1\\Symantec\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\LicPlug.loc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48F14AD033FE3EB4A87CDCEDC2AAE23B]
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BD24EE007DA4244BA62E7B91A0EB5A5]
"164AFE3E38BEB3C4C974C2D1850A5155"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\LU_003.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4C67B7268F2AF0547901B13C63922360]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VACtrlRs.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CB829E5237898741983A2C0FB59BAEF]
"FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\"
"61DC2AA5F6073f14785CB2A530F1B2B3"="C:\\Program Files\\Common Files\\Symantec Shared\\"
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FF4D36E2B0F3014B8DACE0950CF5ABC]
"61DC2AA5F6073f14785CB2A530F1B2B3"="C?\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\VACmpCtl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\501BACB76ED261848879D486E4208310]
"41858184422AA74418AD17DB0285E0B1"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 01:30:45 AM

OK thats enough.

I was going to make a Registry fix but I'm not comfortable removing that much from the Registry. Too many bad things can happen.

It's best to use the removal tool. I will look around for some more options.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 01:35:16 AM

Follow this link and see if you can download the tool. Click on Download this file.

http://www.filedropper.com/nortonremovaltool_2

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:58:10 AM

I can not express how much I love you right now. I have posted this problem on many of forums. I ncluding this one somewhere else before.
I knew Norton was the Devil! I have been blocked from updates and things like poker stars and yahoo games(spelldown) for months literally months!
I freakin Love you! My internet connectivety issue is now resolved. My ghost(noton) firewall has been removed! wheeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

So now I prolly do not need the sfc. but what about that sotohuff thing you seen before is it dangerous? omg I jus love you!

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 02:05:23 AM

Yea, there was a lot of junk from Norton running on the computer.

Let's do some maintenance now.

Run CCleaner and also do the Registry cleaning. Make a backup when it prompts you to just in case.

Do this also to be thorough.

Delete temporary files

Go to:

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

When prompted select the C: drive and click OK.
Check the boxes for:

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

.
Click OK or Enter

----------

Install and run this - Auslogics Registry Defrag (http://www.auslogics.com/registry-defrag)

Then do a disk defrag - Auslogics Disk Defrag (http://www.auslogics.com/disk-defrag)

Let me know how things are now.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 02:12:14 AM

I am not familiar with the registry cleaner on CC. I did the scam for issues things popped up but I didn't get a back option to click or anything.

And I don't know if this has to be done before the other steps so I thought I 'd ask
I don't wanna screw up.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 02:19:10 AM

We will backup the Registry now so you don't have to use the CCleaner backup option.

Click on Start then Run and copy the following code into the command line.

Code: [Select]

regedit /e C:\BackupReg1.reg
Click the OK button or press the Enter key. This will save a copy of the Registry to a file (C:\BackupReg1.reg) on your local hard drive.

If there are any problems just go to C:\BackupReg1.reg and double click the BackupReg1.reg file.

Open CCleaner, on the left click Registry, then click Scan for Issues. Once it is done click Fix Selected Issues. Then again click Scan for Issues to see if anything else is found. Do that as many times as needed until nothing is found.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 02:55:05 AM

Okay al seems well. I did the CCleaner til it was clean. I did the registry defrag and a reboot.
Anything else?

ang again THANK YOU!

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 03:01:44 AM

Your welcome.

I think that's it. If anything else comes up just let us know and we'll try to track it down.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 03:04:54 AM

I really can't believe after like 10 months lol it I finally do not have a connectivity issue!
thanks!
File this one as solved wheeeeeeeeeeeeeeeeeeeeeeeeeeeeee

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 03:21:35 AM

Norton is a pain but this is a first for me, that it was blocking you from downloading the removal tool. I just wish I would have thought of hosting the file at File Dropper sooner. Would have saved us some brain cells!

I just realized I never posted this information. Work through it when you get a chance.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide  (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
.
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

If you are running any Microsoft Office version go to the Office Update (http://office.microsoft.com/search/redir.aspx?assetid=ES790020331033&CTT=96&Origin=CL100570421033) site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 03:39:56 AM

Okay cool. I have had windows updates off for quite sometime now,it used to do it automtically in the morning but it would not let my comp do anything. I would have to restore it back everytime,so I just disabled it.
And surely all my software needs updated Norton had a firewall up and NOTHING could get updated.
so cool cool I will work through these later and let you know how it all goes when I am done,which could be a few hours or days lol

Oh I have a Firefox question. I never have had that Browser before. I tried installing it,but..
so my question is can I have firefox and IE at the samre time? Because I really like IE for some of my games.
And I am sure firefox is on my system if I re-installed would the files merge with the one I already have,if you know what I mean.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 04:06:21 AM

Yes you can run FF and IE both or separate. They won't bother each other. Installing a new version of FF will over write the old version.

The Windows updates are very important. There are critical security updates that patch vulnerabilities that malware can exploit.

For a good free (non intrusive) firewall.....

PC Tools Firewall Plus (http://www.pctools.com/firewall/)

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:09:53 PM

Okay so I a question. Now that Norton is removed I have updated my software with the latest updates I couldn't get before. I wanna make sure everything is clean before I back any else up. I have C:back-up files on my Comp already from where I restored once when I didn't know anything about computers yet. So all my scans go through and scan the back-up files as well,which makes my scans super long. Is there away to not scan the back-up. Also if I back up the registry will I have like 3 systems worth of files on my comp?

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 01:36:49 PM

You should delete the old backup files and create a new one. You can burn it to a CD so it isn't taking up space on the computer. Backing up the registry is OK but you are only backing up the system settings basically. Your not backing up documents and your programs etc.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 01:43:30 PM

Sweet can you give me links showing how to do this. Burning to a CD,just like a regular one you could put music on?

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 02:05:54 PM

You can try this one. I haven't used it in a while so am a bit rusty with using it. It's pretty straight forward from what I remember. http://www.majorgeeks.com/Karens_Replicator_d3917.html

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 02:17:19 PM

Does AVG keep logs? It popped up in the corner saying something about 105 threats?

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 02:18:10 PM

Run a scan with it and fix anything found.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 02:38:45 PM

Hmm I found the log and everything but one was from my back-up. ::)

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 02:49:40 PM

The AVG log?

Go into the AVG settings and empty the Quarantine.

Title: Re: Registry....
Post by: tina1rules on August 16, 2008, 03:54:32 PM

Now I have a bin file missing from AVG,and I am not protected.
Also this link http://www.majorgeeks.com/Karens_Replicator_d3917.html i went to download it and it like tptally stalled at 45% for like 45 mins so I cancelled it.
fyi...rebooting right quick.

Title: Re: Registry....
Post by: evilfantasy on August 16, 2008, 03:56:42 PM

You may nee3d to reinstall AVG.

Try downloading from Karens site. http://www.karenware.com/powertools/ptreplicator.asp

Title: Re: Registry....
Post by: evilfantasy on August 17, 2008, 11:37:28 AM

Quote

Now I have a bin file missing from AVG,and I am not protected.

There was a corrupt download released by AVG yesterday. It has been fixed with a new update.

Title: Re: Registry....
Post by: tina1rules on August 20, 2008, 05:43:08 PM

Quote from: evilfantasy on August 17, 2008, 11:37:28 AM

Quote

Now I have a bin file missing from AVG,and I am not protected.

There was a corrupt download released by AVG yesterday. It has been fixed with a new update.

Oh I understand,thanks.

So I am trying to run Spybot-search & destroy,but everytime I do It wants to run through the Set-up Wizard. It dose this every single I have ever tried to use it. I have 3 icons for it on my comp,one from before,2&3 are from me trying to figure out how to update it.I also do not see in in my add\remove program lists.
I am trying to make sure(in between irl crap)that I have everything in order before I delete my back-up files and make new ones. ~Thanks.

Title: Re: Registry....
Post by: evilfantasy on August 20, 2008, 06:26:05 PM

Go to C:\Program Files and look for the Spybot folder(s) See if there is an uninstaller in them to uninstall all of them.

Title: Re: Registry....
Post by: tina1rules on August 20, 2008, 06:41:09 PM

okay,none of them say uninstaller. I found it using search.
I should know how to get to C:documents,but I can't seem to remeber.

Title: Re: Registry....
Post by: evilfantasy on August 20, 2008, 08:16:45 PM

Enable Viewing Of Hidden System Files & Folders

Go to My Computer->Tools->Folder Options->View tab:

• Under the Hidden files and folders heading:
• Select Show hidden files and folders.
  
• Uncheck Hide protected operating system files (recommended) option.
  
• Also, make sure there is no checkmark beside Hide file extensions for known file types.
  
• Click OK

Title: Re: Registry....
Post by: tina1rules on August 20, 2008, 09:27:53 PM

okay I did.

Title: Re: Registry....
Post by: evilfantasy on August 20, 2008, 09:30:21 PM

Download to your desktop ISeeYouXP.exe by ShadowPuterDude (http://downloads.malwareteks.com/ISeeYouXP.exe)
Next double-click on ISeeYouXP.exe on your Desktop.
 
ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

Double-click ISeeYouXP.bat to run the script.

Once complete a log will be saved to the Desktop named ISeeYouXP.txt.
           
Post the following logs in your next reply:
ISeeYouXP.txt

If the ISeeYouXP .bat file does not extract to the Desktop. Double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.

Upload the file to Savefile.com (http://savefile.com/upload.phpSelect/)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.

Title: Re: Registry....
Post by: tina1rules on August 20, 2008, 10:21:06 PM

okay so I clicked the link,and the download began. Is it suposed to be running in a cmd prompt box? and does it usually take a long time its been running about 30 mins now.

Okay sorry it just finished I will edit in my link in  a sec.

http://www.savefile.com/files/1742155

Title: Re: Registry....
Post by: tina1rules on August 20, 2008, 11:41:37 PM

okay I think I did everything right thank you again Evilfantasy I really appreciate it.

Title: Re: Registry....
Post by: evilfantasy on August 21, 2008, 12:42:50 PM

Uninstall Java(TM) 6 Update 5

I thought I might be able to find where they are installed by that log but I don't see it. Have you tried deleting the desktop shortcut and reinstalling Spybot?

Title: Re: Registry....
Post by: tina1rules on August 21, 2008, 07:02:16 PM

I uninstalled the Java(TM) update.
Deleting the shortcut worked.
Now I am confused as to how to use this  http://www.majorgeeks.com/Karens_Replicator_d3917.html
 
Thanks again.

Title: Re: Registry....
Post by: evilfantasy on August 21, 2008, 07:52:51 PM

Download the software and use it to backup your important files. Put them on a disk or flash drive.

http://www.karenware.com/powertools/ptreplicator.asp

Title: Re: Registry....
Post by: tina1rules on August 21, 2008, 08:21:35 PM

Its downloaded

Title: Re: Registry....
Post by: tina1rules on August 23, 2008, 12:17:35 AM

I think you misunderstood.  I do not know how to use this software. I tried to find a tutorial but couldn't. I don't know what anything means. you said you weren't to familiar with this program so maybe if you could direct someone to me that does...

I don't wanna be a bother I see all the threads you all are dealing with its just I learned so much since the start of this post,and I just want to have a clean system backed-up instead of the dirty one....

Maybe one day I can help ya all out :)

Also I am in no rush,deal with the people who have infections first.

Title: Re: Registry....
Post by: evilfantasy on August 23, 2008, 01:49:54 PM

Try this first. I forget that XP has a backup utility built in.

http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx