View Full Version : virtumonde / smitfraud-c.coreservice / zenosearch / directrack / deewoo
soseberg
2008-09-24, 10:09
thank you all for your efforts on this site. i wish i had found the forum sooner, as i spent an inordinate amount of time researching my comoputer infections...
my son severely infected my computer to the point where I thought I might have to reinstall the os – I was not looking forward to it - he was using bit torrent peering for WOW, and claimed the problems started when he tried to download a "free" limewire update – these ad/aml/spyware programs are so insidious they would open explorer even when I was not running a browser & the pop-up ads were bad so I disabled wifi & created a password for explorer to open any pages – repeated spybot runs helped me limp along mostly resolving service denial issues for yahoo, google etc. the malware/Trojans would always reappear – also, my PC would often randomly turn off in the middle of a scan, as id these bad boys knew they were being scanned, thus never completing - I was unable to force safemode using [F8] - for some reason, my logon credentials were denied. weird. I disabled teatimer since the warnings were so prolific, my machine would lock up & I had no clue which registry mods I should allow (or not) so I typically said no - I knew I had registry corruptions, but I am not experienced with registry cleaning
here’s what I have done to date (& no more popups! YAY!)
I think there might be a few remaining items I should manually remove & I would appreciate experienced eyes to review my logs that follow
1) download & run ccleaner, log follows
2) download & run combofix, log follows
I did experience an unexpected behavior when combofix shut down my machine – I thought it would restart to safemode, but it shutdown & I manually powered up again; however, when my pc manually restarted, the log file still was created – hopefully I did this correctly
3) download & run hijackthis, log follows
4) reactivated teatimer, log follows
a bunch of registry mods were generated; I denied some and accepted some – I hope I chose correctly…
ccleaner:
ACT! Premium 2006
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
ALPS Touch Pad Driver
anagram
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
bc635PCI Demonstration Software
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
CDBurnerXP Pro 3
C-Major Audio
Compatibility Pack for the 2007 Office system
Curitel PC Card Software
CutePDF Writer 2.5
Diablo II
DivX Web Player
eFax Messenger 4.3
Free iPod Video Converter 1.34
GTK+ Runtime 2.10.11 rev b (remove only)
HijackThis 2.0.2
HP Image Zone Express
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
Java Media Framework 2.1.1c
Java(TM) 6 Update 3
Lexmark Software Uninstall
LiveUpdate 2.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Picasa 2
QuickSet
QuickTime
Spybot - Search & Destroy
Symantec AntiVirus
The KMPlayer (remove only)
Time Zone Data Update Tool for Microsoft Office Outlook
TPRO-TSAT WDM PCI Driver
VISUAL Manufacturing
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
combofix:
ComboFix 08-09-22.06 - soseberg 2008-09-23 17:55:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\soseberg\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\soseberg\Application Data\CURITY~1
C:\Documents and Settings\soseberg\Application Data\CURITY~1\?explore.exe
C:\Documents and Settings\soseberg\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\soseberg\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\soseberg\services.exe
C:\Documents and Settings\soseberg\Start Menu\Programs\Startup\Deewoo.lnk
C:\Program Files\BChanger
C:\Program Files\BChanger\data.dat
C:\Program Files\GetPack
C:\Program Files\GetPack\dictame.gz
C:\Program Files\GetPack\trgtame.gz
C:\Program Files\ymante~1
C:\Program Files\ymante~1\?ymantec\
C:\Program Files\ymante~1\spool32.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b158.exe
C:\WINDOWS\BMe338b560.txt
C:\WINDOWS\BMe338b560.xml
C:\WINDOWS\faceback.exe
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afkhph.dll
C:\WINDOWS\system32\arvoxeto.dll
C:\WINDOWS\system32\atvljjkp.dll
C:\WINDOWS\system32\aukhvbaj.dll
C:\WINDOWS\system32\autodis.dll
C:\WINDOWS\system32\awtqnLDv.dll
C:\WINDOWS\system32\awtutrrO.dll
C:\WINDOWS\system32\axjsliip.exe
C:\WINDOWS\system32\bdfixnml.exe
C:\WINDOWS\system32\bhdtxf.dll
C:\WINDOWS\system32\bmlxad.dll
C:\WINDOWS\system32\byXRigFu.dll
C:\WINDOWS\system32\cbaejisf.ini
C:\WINDOWS\system32\cLknWvut.ini
C:\WINDOWS\system32\cmakcjvr.dll
C:\WINDOWS\system32\czxxsh.dll
C:\WINDOWS\system32\ddcYppml.dll
C:\WINDOWS\system32\DKUFNqss.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\miverlog.dat
C:\WINDOWS\system32\drivers\tosdvdd.sys
C:\WINDOWS\system32\dtqdfrbq.exe
C:\WINDOWS\system32\dwcsfuco.dll
C:\WINDOWS\system32\ehodbumj.dll
C:\WINDOWS\system32\enpfijiv.dll
C:\WINDOWS\system32\fsijeabc.dll
C:\WINDOWS\system32\fxmgcrfc.dll
C:\WINDOWS\system32\gcisdwcr.ini
C:\WINDOWS\system32\gdogol.dll
C:\WINDOWS\system32\geBrqolk.dll
C:\WINDOWS\system32\geBuuvUN.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\gulmrplr.dll
C:\WINDOWS\system32\guujbc.dll
C:\WINDOWS\system32\hfyospri.dll
C:\WINDOWS\system32\hpokjikt.exe
C:\WINDOWS\system32\htvdkvqh.ini
C:\WINDOWS\system32\ifhfisps.dll
C:\WINDOWS\system32\ifsrculr.dll
C:\WINDOWS\system32\iifedbcy.dll
C:\WINDOWS\system32\iiygydde.exe
C:\WINDOWS\system32\jeoslcnw.exe
C:\WINDOWS\system32\jkkIXpNh.dll
C:\WINDOWS\system32\jotyxmld.dll
C:\WINDOWS\system32\jpcotk.dll
C:\WINDOWS\system32\jwsdwnmi.dll
C:\WINDOWS\system32\kglskfdp.dll
C:\WINDOWS\system32\khfGaYsq.dll
C:\WINDOWS\system32\khfggeeE.dll
C:\WINDOWS\system32\kmxisl.dll
C:\WINDOWS\system32\kvfind.dll
C:\WINDOWS\system32\ljJaWOge.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medjfu.dll
C:\WINDOWS\system32\mftdjpnk.dll
C:\WINDOWS\system32\mlJdeBrq.dll
C:\WINDOWS\system32\mlJYsttQ.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mTAdMUtv.ini
C:\WINDOWS\system32\MWxbayxx.ini
C:\WINDOWS\system32\nfonxbpy.dll
C:\WINDOWS\system32\nnnkIaWo.dll
C:\WINDOWS\system32\nnnOHXNE.dll
C:\WINDOWS\system32\nyhfvjsa.ini
C:\WINDOWS\system32\ohyjxlih.dll
C:\WINDOWS\system32\opnlJywv.dll
C:\WINDOWS\system32\oqiovnwa.dll
C:\WINDOWS\system32\otjefckx.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnkHYQj.dll
C:\WINDOWS\system32\pwcejmrv.dll
C:\WINDOWS\system32\qacdnkgm.dll
C:\WINDOWS\system32\qrtwyJjl.ini
C:\WINDOWS\system32\qswpfmft.dll
C:\WINDOWS\system32\raspriuk.dll
C:\WINDOWS\system32\rbxvbnqo.ini
C:\WINDOWS\system32\riffqqls.dll
C:\WINDOWS\system32\rnwnw64s.exe
C:\WINDOWS\system32\rqRHaBTm.dll
C:\WINDOWS\system32\rqRKETKA.dll
C:\WINDOWS\system32\rucridnb.ini
C:\WINDOWS\system32\sjcikd.dll
C:\WINDOWS\system32\spteggnc.dll
C:\WINDOWS\system32\ssqNEvsS.dll
C:\WINDOWS\system32\tfepeksk.dll
C:\WINDOWS\system32\tuvTNGvW.dll
C:\WINDOWS\system32\txtajdxo.exe
C:\WINDOWS\system32\UEhkmUvw.ini
C:\WINDOWS\system32\UEhkmUvw.ini2
C:\WINDOWS\system32\uisjwypp.dll
C:\WINDOWS\system32\urqrpqOg.dll
C:\WINDOWS\system32\uuubqwpq.dll
C:\WINDOWS\system32\uvbyslgk.dll
C:\WINDOWS\system32\uwdnds.dll
C:\WINDOWS\system32\uyuoptif.exe
C:\WINDOWS\system32\vacldkhw.dll
C:\WINDOWS\system32\vaiathqw.dll
C:\WINDOWS\system32\vhmjcy.dll
C:\WINDOWS\system32\visgykqi.ini
C:\WINDOWS\system32\vrmjecwp.ini
C:\WINDOWS\system32\vtUMdATm.dll
C:\WINDOWS\system32\vtUmNEVO.dll
C:\WINDOWS\system32\vtUoOEvW.dll
C:\WINDOWS\system32\vuprkopd.dll
C:\WINDOWS\system32\vvrrxsfj.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wtlbinkp.dll
C:\WINDOWS\system32\wuglmv.dll
C:\WINDOWS\system32\wupfsabc.dll
C:\WINDOWS\system32\wvUmkhEU.dll
C:\WINDOWS\system32\wwohmyix.dll
C:\WINDOWS\system32\xiymhoww.ini
C:\WINDOWS\system32\xkcfejto.ini
C:\WINDOWS\system32\xkwims.dll
C:\WINDOWS\system32\xmfnweqi.dll
C:\WINDOWS\system32\xxdlvgei.dll
C:\WINDOWS\system32\xxefxz.dll
C:\WINDOWS\system32\xxyyyATL.dll
C:\WINDOWS\system32\xydfocpc.dll
C:\WINDOWS\system32\yayxYSlJ.dll
C:\WINDOWS\system32\yenssbwb.ini
C:\WINDOWS\system32\yhushvqk.dll
C:\WINDOWS\system32\yisiknfa.ini
C:\WINDOWS\system32\ylyybujc.dll
C:\WINDOWS\system32\yocetcjt.dll
C:\WINDOWS\system32\zxdnt3d.cfg
----- BITS: Possible infected sites -----
hxxp://visual
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KILRXCSV
-------\Legacy_TOSDVDD
-------\Service_kilrxcsv
-------\Service_tosdvdd
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-17 02:13 . 2008-09-23 14:46 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-17 02:13 . 2008-09-17 02:13 <DIR> d-------- C:\Temp\mtc2
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-08-29 13:35 . 2008-09-22 19:18 <DIR> d-------- C:\WINDOWS\system32\wTR02
2008-08-29 13:35 . 2008-08-29 13:35 <DIR> d-------- C:\Temp\dax41
2008-08-29 12:57 . 2008-08-29 12:57 5,120 --a------ C:\WINDOWS\system32\drivers\ktlfolnp.dat
2008-08-26 12:09 . 2008-05-29 11:34 60,928 --a------ C:\WINDOWS\system32\jcta.dll
2008-08-26 11:50 . 2008-09-03 12:29 <DIR> d-------- C:\WINDOWS\system32\usp
2008-08-26 11:50 . 2008-08-26 11:50 <DIR> d-------- C:\WINDOWS\system32\tep
2008-08-26 11:50 . 2008-09-03 12:29 <DIR> d-------- C:\WINDOWS\system32\spol
2008-08-26 11:50 . 2008-08-26 11:50 <DIR> d-------- C:\WINDOWS\system32\jr
2008-08-26 11:50 . 2008-08-26 11:51 548,928 --a------ C:\WINDOWS\system32\lcntttdl.exe
2008-08-26 11:50 . 2008-08-26 11:50 153,483 --a------ C:\WINDOWS\system32\g6.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 23:23 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 07:52 --------- d-----w C:\Program Files\BitLord
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 20:04 --------- d-----w C:\Documents and Settings\soseberg\Application Data\LimeWire
2008-08-29 20:03 --------- d-----w C:\Program Files\LimeWire
2008-08-27 18:30 --------- d-----w C:\Program Files\Mjcore
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-19 12:24 103,936 ----a-w C:\WINDOWS\faceback1188.exe
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2008-07-28 08:46 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Ventrilo
2008-06-28 01:38 53,248 --sh--w C:\Documents and Settings\soseberg\winlogon.exe
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
2008-02-20 05:14 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6}]
2008-05-29 11:34 60928 --a------ C:\WINDOWS\system32\jcta.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD33E81B-2186-5C76-AA3E-79A2E6B44C9C}]
2008-05-29 11:34 60928 --a------ C:\WINDOWS\system32\jcta.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"="C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe" [?]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Windows Logon Applicationedc"="C:\Documents and Settings\soseberg\winlogon.exe" [2008-06-27 53248]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vhmjcy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
hijackthis logfile and startup list:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\soseberg\winlogon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: (no name) - {DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6} - C:\WINDOWS\system32\jcta.dll
O2 - BHO: (no name) - {DD33E81B-2186-5C76-AA3E-79A2E6B44C9C} - C:\WINDOWS\system32\jcta.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9183 bytes
StartupList report, 9/23/2008, 4:43:55 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Documents and Settings\soseberg\winlogon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\lcntttdl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\PROGRA~1\YMANTE~1\spool32.exe
C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\soseberg\Start Menu\Programs\Startup]
Deewoo.lnk = C:\WINDOWS\system32\lcntttdl.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Windows Logon Applicationedc = C:\Documents and Settings\soseberg\winlogon.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Apoint = C:\Program Files\Apoint\Apoint.exe
ExploreUpdSched = C:\WINDOWS\system32\lcntttdl.exe DWram03FF
e00b86fc = rundll32.exe "C:\WINDOWS\system32\vtUMdATm.dll",b
BMe338b560 = Rundll32.exe "C:\WINDOWS\system32\hfyospri.dll",s
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
DrvMon.exe = C:\WINDOWS\system32\DrvMon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Tair = "C:\PROGRA~1\YMANTE~1\spool32.exe" -vt ndrv
Zuctok = "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
muuw = C:\Program Files\InetGet2\stub109_4_0_4_0.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=vhmjcy.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 8,220 bytes
Report generated in 0.219 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
[U]teatimer:
2008-09-23 19:13:40 Denied (based on user decision) value "SpybotDeletingB4360" (new data: "") deleted in System Startup user entry!
2008-09-23 19:13:46 Denied (based on user decision) value "SpybotDeletingD4192" (new data: "") deleted in System Startup user entry!
2008-09-23 19:14:33 Denied (based on user decision) value "SpybotDeletingD8620" (new data: "") deleted in System Startup user entry!
2008-09-23 19:21:32 Denied (based on user decision) value "SpybotDeletingB4360" (new data: "") deleted in System Startup user entry!
2008-09-23 19:22:54 Denied (based on user decision) value "SpybotDeletingD4192" (new data: "") deleted in System Startup user entry!
2008-09-23 19:23:23 Allowed (based on user decision) value "SpybotDeletingD8620" (new data: "") deleted in System Startup user entry!
2008-09-23 19:23:23 Allowed (based on lassh blacklist) value "UserFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -u") added in System Startup global entry!
2008-09-23 19:24:20 Denied (based on user decision) value "{B8-86-65-53-DW}" (new data: "") deleted in System Startup global entry!
2008-09-23 19:25:14 Allowed (based on user decision) value "{a7759adb-c3ca-c23d-a4e8-cb386ed24140}" (new data: "") deleted in System Startup global entry!
2008-09-23 19:25:42 Allowed (based on user decision) value "ExploreUpdSched" (new data: "") deleted in System Startup global entry!
2008-09-23 19:27:04 Allowed (based on user decision) value "BMe338b560" (new data: "") deleted in System Startup global entry!
2008-09-23 19:27:38 Allowed (based on user decision) value "e00b86fc" (new data: "") deleted in System Startup global entry!
2008-09-23 19:28:33 Allowed (based on user decision) value "{8a33937f-911b-3b9f-e647-88e4ea3bf891}" (new data: "") deleted in System Startup global entry!
Do NOT run 'fixes' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806)
soseberg
2008-10-01, 02:43
Teatimer is warning me of a systme32 key change - i think both entries are bad, but teatimer does not allow me to deny the change - the same request keeps appearing although a click on deny change (existing value is nyscyigl.dll",s):
2008-09-30 17:27:30 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!
2008-09-30 17:34:48 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!
2008-09-30 17:34:48 Allowed (based on user whitelist) value "e00b86fc" (new data: "") deleted in System Startup global entry!
2008-09-30 17:34:58 Denied (based on user decision) value "{8a1314e3-e0ac-433b-8f3b-2545f7ad1298}" (new data: "") added in Browser Helper Object!
2008-09-30 17:35:15 Denied (based on user decision) value "BMe338b560" (new data: "Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s") changed in System Startup global entry!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-09-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf
Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and
Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program
Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application
Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact -
{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... -
{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.ca
b?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.ca
b?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll fnqnpc.dll pdogiy.dll jsvdgs.dll, ynejda.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for
windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and
Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file
missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -
C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation -
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. -
C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common
Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation -
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation -
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation -
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9638 bytes
Hi soseberg
The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.
After that, please post back a fresh HijackThis log :)
soseberg
2008-10-01, 23:42
i have unchecked word wrap. here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38, on 2008-10-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\soseberg\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\bqiedxlk.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9396] command /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9639] cmd /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4144] command /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2205] cmd /c del "C:\WINDOWS\system32\bqiedxlk.dll_old"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O20 - AppInit_DLLs: vhmjcy.dll fnqnpc.dll pdogiy.dll jsvdgs.dll, ynejda.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10025 bytes
Re-run combofix and let it update itself if it finds a newer version.
Post back a fresh HijackThis log and a fresh combofix log, please.
soseberg
2008-10-02, 16:23
updated & ran combo fix, log follows:
upon reboot, just b4 powerdown, got a missing dll error, catchme.cfexe; while powering up, got one of thise pesky system32 errors.
(question: is combofix supposed to rest my default browser to IE?)
ComboFix 08-10-01.02 - soseberg 2008-10-02 6:40:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMe338b560.txt
C:\WINDOWS\BMe338b560.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akggoxyo.dll
C:\WINDOWS\system32\amowqbvu.ini
C:\WINDOWS\system32\cjehfucm.dll
C:\WINDOWS\system32\eujgpjal.ini
C:\WINDOWS\system32\fihowizu.dll
C:\WINDOWS\system32\fnqnpc.dll
C:\WINDOWS\system32\fsjdkoxt.dll
C:\WINDOWS\system32\gkdovx.dll
C:\WINDOWS\system32\guvegavu.dll
C:\WINDOWS\system32\hcibcrvm.ini
C:\WINDOWS\system32\hqanfmgr.dll
C:\WINDOWS\system32\jklllnnn.ini
C:\WINDOWS\system32\jklllnnn.ini2
C:\WINDOWS\system32\jlhwwr.dll
C:\WINDOWS\system32\jrsumeit.dll
C:\WINDOWS\system32\jsvdgs.dll
C:\WINDOWS\system32\khfCtqNh.dll
C:\WINDOWS\system32\lajpgjue.dll
C:\WINDOWS\system32\lomehane.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcufhejc.ini
C:\WINDOWS\system32\mlJCUMGX.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvrcbich.dll
C:\WINDOWS\system32\nevxfygr.dll
C:\WINDOWS\system32\nnnlllkj.dll
C:\WINDOWS\system32\nowrjwup.dll
C:\WINDOWS\system32\olircmut.dll
C:\WINDOWS\system32\owrnllns.ini
C:\WINDOWS\system32\oyxoggka.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pdogiy.dll
C:\WINDOWS\system32\rgyfxven.ini
C:\WINDOWS\system32\rtusvw.dll
C:\WINDOWS\system32\snnproxe.dll
C:\WINDOWS\system32\ucqufrdp.dll
C:\WINDOWS\system32\uvbqwoma.dll
C:\WINDOWS\system32\vfenrnpw.dll
C:\WINDOWS\system32\vkiclljh.dll
C:\WINDOWS\system32\vqgvihru.dll
C:\WINDOWS\system32\wlkbcegy.dll
C:\WINDOWS\system32\ygecbklw.ini
C:\WINDOWS\system32\ynejda.dll
C:\WINDOWS\Tasks\znmclagv.job
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2008-09-28 16:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Sun
2008-09-25 09:50 . 2008-09-25 09:52 <DIR> d-------- C:\Documents and Settings\soseberg\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-24 21:31 . 2008-09-24 21:31 77,824 --ahs---- C:\WINDOWS\system32\ssqNeEuv.dll
2008-09-24 05:42 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-24 02:15 . 2008-09-24 02:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-17 02:13 . 2008-09-25 21:16 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-17 02:13 . 2008-09-17 02:13 <DIR> d-------- C:\Temp\mtc2
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 14:00 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-28 23:06 --------- d-----w C:\Program Files\Java
2008-09-25 16:21 --------- d-----w C:\Program Files\Mjcore
2008-09-24 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 07:52 --------- d-----w C:\Program Files\BitLord
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 20:04 --------- d-----w C:\Documents and Settings\soseberg\Application Data\LimeWire
2008-08-29 20:03 --------- d-----w C:\Program Files\LimeWire
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
2008-02-20 05:14 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-23_18.26.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2006-08-23 17:17:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2006-08-23 17:17:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-29 03:02:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
- 2006-08-23 17:17:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 19:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-05-09 14:50:00 75,736 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 05:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-04-17 05:45:48 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 05:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-17 05:45:20 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-17 05:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-17 05:45:42 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 05:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-17 05:47:36 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 05:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-17 05:45:36 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-31 02:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-05-17 19:23:38 579,888 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-21 01:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-09-25 16:47:28 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2005-05-26 08:19:32 178,408 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-31 02:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.784\wuapi.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-20 21:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-10-02 14:00:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"="C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe" [?]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BMe338b560"="C:\WINDOWS\system32\vqgvihru.dll"
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7199ba-5293-11dc-b410-00123f1296c3}]
\Shell\AutoRun\command - E:\Loaderw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70f64ae-6863-11db-b37c-00123f1296c3}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{0a09ca12-5bae-19cc-88c4-073b4d808e66} - (no file)
BHO-{1E1170B7-2BDD-4709-982A-9BF0D16977D1} - C:\WINDOWS\system32\nnnlllkj.dll
BHO-{2699F491-8103-478D-AB09-CB204B84EF64} - (no file)
BHO-{2C072730-2688-4E86-B619-CAD1D33F6C3C} - (no file)
BHO-{300677A5-EEB2-429A-9498-FADC1EBE7400} - (no file)
BHO-{30B58F52-3B18-4571-B6DA-8224C1D438EA} - (no file)
BHO-{3988F3C4-7992-412B-B413-8BDDC16176B3} - (no file)
BHO-{55A848A9-3DEB-4FF1-91D6-F7A64BD06DEA} - (no file)
BHO-{7E5E4C26-B8BA-4ADB-A3E0-7026279BB610} - (no file)
BHO-{9D0E61B0-E08D-4305-9EDD-BDD379DF05B3} - (no file)
BHO-{A49E9AC0-3C5D-4FF1-BE91-D34A212DA320} - (no file)
BHO-{D1ED7B09-08B0-405B-B416-D28343F0FFA7} - (no file)
BHO-{db3121b0-f36e-4142-a206-afa13774236a} - C:\WINDOWS\system32\gkdovx.dll
BHO-{DD33E819-2187-5F06-AA3D-7AA2EDBA4CE6} - C:\WINDOWS\system32\jcta.dll
BHO-{DD33E81B-2186-5C76-AA3E-79A2E6B44C9C} - C:\WINDOWS\system32\jcta.dll
BHO-{e6f48a45-874f-4723-736b-2238bdc192b7} - (no file)
BHO-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - C:\WINDOWS\system32\mlJCUMGX.dll
BHO-{f4550eb7-8988-af49-346f-461dc9e02214} - (no file)
BHO-{fa941c6f-2936-4104-8d5f-22f090b8f9f2} - (no file)
HKLM-Run-Windows Logon Applicationedc - C:\Documents and Settings\soseberg\winlogon.exe
ShellExecuteHooks-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - C:\WINDOWS\system32\mlJCUMGX.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\soseberg\Application Data\Mozilla\Firefox\Profiles\5kq5zkxq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Documents and Settings\soseberg\Application Data\Mozilla\Firefox\Profiles\5kq5zkxq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppsynth.dll
FF -: plugin - C:\WINDOWS\system32\Photosynth\nppsynth.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 07:02:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-10-02 7:06:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-02 14:06:48
ComboFix2.txt 2008-09-24 01:26:38
Pre-Run: 17,829,801,984 bytes free
Post-Run: 17,889,120,256 bytes free
327 --- E O F --- 2007-12-13 15:51:21
[B]new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:14, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BMe338b560] Rundll32.exe "C:\WINDOWS\system32\vqgvihru.dll",s
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Zuctok] "C:\Documents and Settings\soseberg\Application Data\??curity\?explore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10057 bytes
"question: is combofix supposed to rest my default browser to IE?"
Yes it is. You can change it later.
Are both avast! and Norton antivirus up-to-date?
soseberg
2008-10-02, 16:51
avast is up-to-date; it is set to update automatically, and just updated this morning. i don't use the symantec - it probably hasn't updated in 6-mos. or so. I tried removing some time ago but whomever installed the SW used a password to prevent uninstallation.
ps. already update my default browser to firefox.
See (http://www.raymond.cc/blog/archives/2006/12/05/password-to-uninstall-symantec-antivirus-client/) and post back if it helped.
soseberg
2008-10-02, 17:56
very kewl - thx so much for this info
I successfully edited the symantec password registry key UseVPUninstallPassword at:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\
when i try to use add/remove programs, i get the message "fatal error during installation"
will try the norton uninstall program referenced in the blog now.
OK, enable windows firewall before that and post a fresh HijackThis log afterwards :)
soseberg
2008-10-02, 18:08
there are 3-sites referenced in the disable uninstall symantec password (http://www.raymond.cc/blog/archives/2006/12/05/password-to-uninstall-symantec-antivirus-client/) blog:
(1) pcauthorities (http://www.pcauthorities.com/uninstall/uninstall-antivirus.html?gclid=CMyhrdj0iJYCFQ89awod3We1Fg)
(2) simpleuninstaller.com (http://simpleuninstaller.com/?s=g)
(3) pctuneuptips (http://www.pctuneuptips.com/recommends/uninstall/?gclid=CIPax8v0iJYCFQRfagodgWLRFA)
is there any preference?
This (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=bar_sch_nam&docid=2004092711224136&nsf=nip.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=ag) is the official tool :)
soseberg
2008-10-02, 19:04
tried running the norton removal tool downloaded from the symantec site - the SW tells me that i must use add/remove programs to remove symantec antivirus 9 or later before I can use the norton removal tool. ARGH!
If I click on symantic antivirus supportino in add/remove programs, there is a repair option. should I try repairing? any other suggestions?
Sure you can :)
If no go, you can try those other tools - but I've never used/ask anyone to use them so that will happen at your own risk then.
soseberg
2008-10-02, 20:25
so
All the 3-sites referenced above in the disable uninstall symantec password blog download a program called perfect uninstaller that is advertised to remove norton, among many others, however, when reading the license agreement after download, one must purchase a license to actually remove anything
Seems the referenced blog may be an advert for perfect uninstaller.
Tried to repair symantic antivirus via the support link in add/remove programs, but the Symantec Antivirus server is required.
I guess I am stuck with Symantec for now. I am thinking I should post this as a separate issue after we are done here. What do you think?
Then we will remove it manually a bit later, now most of it.
Open notepad and copy/paste the text in the codebox below into it:
File::
C:\WINDOWS\system32\ssqNeEuv.dll
Folder::
C:\WINDOWS\system32\mC02
C:\Temp\mtc2
C:\Program Files\BitLord
C:\Documents and Settings\soseberg\Application Data\LimeWire
C:\Program Files\LimeWire
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec AntiVirus
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zuctok"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMe338b560"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
soseberg
2008-10-02, 21:55
I ran combofix and dragged the cfscript file from below onto the combofix icon. combofix asked me to download updates again (i had already done so this morning - so i hope i did it correctly - i am guessing the updates are not saved to combofix.exe & that i would need to download a fresh version).
combofix ran fine - but it did not force my machine to reboot this time. also, the task bar disappeared, so i restarted using ctrl-alt-del.
the diabloII in the bitlord folder is a microsoft game my boys play - is there an issue with this game? (i did delete the bitlord folder, as you recommended)
combofix log:
(the HJT log will follow in a separate post, as I ran out of room in this post)
ComboFix 08-10-01.06 - soseberg 2008-10-02 12:25:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.141 [GMT -7:00]
Running from: C:\Documents and Settings\soseberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\soseberg\Desktop\troubleshooting\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\ssqNeEuv.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\soseberg\Application Data\LimeWire
C:\Documents and Settings\soseberg\Application Data\LimeWire\active.mojito
C:\Documents and Settings\soseberg\Application Data\LimeWire\certificate\limewire.keystore
C:\Documents and Settings\soseberg\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\soseberg\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\filters.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\soseberg\Application Data\LimeWire\installation.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\library.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\limewire.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\mojito.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\passive.mojito
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.backup
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.data
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\soseberg\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\soseberg\Application Data\LimeWire\questions.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\responses.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\soseberg\Application Data\LimeWire\spam.dat
C:\Documents and Settings\soseberg\Application Data\LimeWire\tables.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\soseberg\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\soseberg\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\soseberg\Application Data\LimeWire\version.xml
C:\Documents and Settings\soseberg\Application Data\LimeWire\versions.props
C:\Documents and Settings\soseberg\Application Data\LimeWire\xml\data\video.sxml2
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Diablo II\binkw32.dll
C:\Program Files\BitLord\Diablo II\bncache.dat
C:\Program Files\BitLord\Diablo II\Bnclient.dll
C:\Program Files\BitLord\Diablo II\BnetLog.txt
C:\Program Files\BitLord\Diablo II\BNUpdate.exe
C:\Program Files\BitLord\Diablo II\bnupdate.log
C:\Program Files\BitLord\Diablo II\D2.LNG
C:\Program Files\BitLord\Diablo II\D2080929.txt
C:\Program Files\BitLord\Diablo II\D2080930.txt
C:\Program Files\BitLord\Diablo II\D2081001.txt
C:\Program Files\BitLord\Diablo II\d2char.mpq
C:\Program Files\BitLord\Diablo II\D2Client.dll
C:\Program Files\BitLord\Diablo II\D2CMP.dll
C:\Program Files\BitLord\Diablo II\D2Common.dll
C:\Program Files\BitLord\Diablo II\d2data.mpq
C:\Program Files\BitLord\Diablo II\D2DDraw.dll
C:\Program Files\BitLord\Diablo II\D2Direct3D.dll
C:\Program Files\BitLord\Diablo II\d2exp.mpq
C:\Program Files\BitLord\Diablo II\D2Game.dll
C:\Program Files\BitLord\Diablo II\D2Gdi.dll
C:\Program Files\BitLord\Diablo II\D2gfx.dll
C:\Program Files\BitLord\Diablo II\D2Glide.dll
C:\Program Files\BitLord\Diablo II\D2Lang.dll
C:\Program Files\BitLord\Diablo II\D2Launch.dll
C:\Program Files\BitLord\Diablo II\D2MCPClient.dll
C:\Program Files\BitLord\Diablo II\D2Multi.dll
C:\Program Files\BitLord\Diablo II\d2music.mpq
C:\Program Files\BitLord\Diablo II\D2Net.dll
C:\Program Files\BitLord\Diablo II\d2readme.htm
C:\Program Files\BitLord\Diablo II\d2sfx.mpq
C:\Program Files\BitLord\Diablo II\D2sound.dll
C:\Program Files\BitLord\Diablo II\d2speech.mpq
C:\Program Files\BitLord\Diablo II\d2video.mpq
C:\Program Files\BitLord\Diablo II\D2VidTst.exe
C:\Program Files\BitLord\Diablo II\D2Win.dll
C:\Program Files\BitLord\Diablo II\D2xMusic.mpq
C:\Program Files\BitLord\Diablo II\d2xtalk.mpq
C:\Program Files\BitLord\Diablo II\D2xVideo.mpq
C:\Program Files\BitLord\Diablo II\default.key
C:\Program Files\BitLord\Diablo II\Diablo II.exe
C:\Program Files\BitLord\Diablo II\Fog.dll
C:\Program Files\BitLord\Diablo II\Game.exe
C:\Program Files\BitLord\Diablo II\ijl11.dll
C:\Program Files\BitLord\Diablo II\Install.log
C:\Program Files\BitLord\Diablo II\License.html
C:\Program Files\BitLord\Diablo II\Patch.txt
C:\Program Files\BitLord\Diablo II\patch_d2.mpq
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.key
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\filthysmellyvag.map
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.key
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\jewroaster.map
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.key
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\negromacerr.map
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.key
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma1
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma2
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.ma3
C:\Program Files\BitLord\Diablo II\save\USWest\skankassHOE.map
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.key
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.ma0
C:\Program Files\BitLord\Diablo II\save\USWest\sneakylittlerat.map
C:\Program Files\BitLord\Diablo II\SmackW32.dll
C:\Program Files\BitLord\Diablo II\Storm.dll
C:\Program Files\BitLord\Diablo II\support\bnet\channels.htm
C:\Program Files\BitLord\Diablo II\support\bnet\char.htm
C:\Program Files\BitLord\Diablo II\support\bnet\commands.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\16bit.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\account.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\appver.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\cdkey.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\inuse.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\manually.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\noname.htm
C:\Program Files\BitLord\Diablo II\support\bnet\errors\password.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\chatboot.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\harass.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\symbols.htm
C:\Program Files\BitLord\Diablo II\support\bnet\general\symobls.htm
C:\Program Files\BitLord\Diablo II\support\bnet\index.htm
C:\Program Files\BitLord\Diablo II\support\bnet\latency.htm
C:\Program Files\BitLord\Diablo II\support\d2\accessv.htm
C:\Program Files\BitLord\Diablo II\support\d2\alt_tab.htm
C:\Program Files\BitLord\Diablo II\support\d2\altav.htm
C:\Program Files\BitLord\Diablo II\support\d2\blckedge.htm
C:\Program Files\BitLord\Diablo II\support\d2\cd.htm
C:\Program Files\BitLord\Diablo II\support\d2\choppy.htm
C:\Program Files\BitLord\Diablo II\support\d2\contact.htm
C:\Program Files\BitLord\Diablo II\support\d2\corpse.htm
C:\Program Files\BitLord\Diablo II\support\d2\cr.htm
C:\Program Files\BitLord\Diablo II\support\d2\d2music.htm
C:\Program Files\BitLord\Diablo II\support\d2\death.htm
C:\Program Files\BitLord\Diablo II\support\d2\drivers.htm
C:\Program Files\BitLord\Diablo II\support\d2\errors.htm
C:\Program Files\BitLord\Diablo II\support\d2\hardcore.htm
C:\Program Files\BitLord\Diablo II\support\d2\icontact.htm
C:\Program Files\BitLord\Diablo II\support\d2\index.htm
C:\Program Files\BitLord\Diablo II\support\d2\legalfaq.htm
C:\Program Files\BitLord\Diablo II\support\d2\minreq.htm
C:\Program Files\BitLord\Diablo II\support\d2\msinfo.htm
C:\Program Files\BitLord\Diablo II\support\d2\realm.htm
C:\Program Files\BitLord\Diablo II\support\d2\sprite.htm
C:\Program Files\BitLord\Diablo II\support\d2\tech.htm
C:\Program Files\BitLord\Diablo II\support\d2\terms.htm
C:\Program Files\BitLord\Diablo II\support\d2\unique.htm
C:\Program Files\BitLord\Diablo II\support\d2\vendors.htm
C:\Program Files\BitLord\Diablo II\support\d2\vid_mode.htm
C:\Program Files\BitLord\Diablo II\support\d2\windows.htm
C:\Program Files\BitLord\Diablo II\support\images\arrows\left.gif
C:\Program Files\BitLord\Diablo II\support\images\arrows\right.gif
C:\Program Files\BitLord\Diablo II\support\images\bnet.gif
C:\Program Files\BitLord\Diablo II\support\images\bnet.jpg
C:\Program Files\BitLord\Diablo II\support\images\cd.gif
C:\Program Files\BitLord\Diablo II\support\images\cd.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\bhood.gif
C:\Program Files\BitLord\Diablo II\support\images\char\BHood.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\blizrep.gif
C:\Program Files\BitLord\Diablo II\support\images\char\BlizRep.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\chat.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Chat.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\diablo.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Diablo.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\ghood.gif
C:\Program Files\BitLord\Diablo II\support\images\char\GHood.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\medic.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Medic.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\mod.gif
C:\Program Files\BitLord\Diablo II\support\images\char\mod.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\referee.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Referee.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\char\SC.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\speaker.gif
C:\Program Files\BitLord\Diablo II\support\images\char\Speaker.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\sysop.gif
C:\Program Files\BitLord\Diablo II\support\images\char\SysOp.jpg
C:\Program Files\BitLord\Diablo II\support\images\char\war2bne.gif
C:\Program Files\BitLord\Diablo II\support\images\char\War2Bne.jpg
C:\Program Files\BitLord\Diablo II\support\images\common.gif
C:\Program Files\BitLord\Diablo II\support\images\common.jpg
C:\Program Files\BitLord\Diablo II\support\images\d2logo.jpg
C:\Program Files\BitLord\Diablo II\support\images\diablo2.gif
C:\Program Files\BitLord\Diablo II\support\images\diablo2.jpg
C:\Program Files\BitLord\Diablo II\support\images\lat.gif
C:\Program Files\BitLord\Diablo II\support\images\lat.jpg
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt1.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt2.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt3.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\clnt4.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp1.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp10.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp2.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp3.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp4.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp5.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp6.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp7.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp8.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msp9.gif
C:\Program Files\BitLord\Diablo II\support\images\msproxy\msproxy.gif
C:\Program Files\BitLord\Diablo II\support\images\proxy.gif
C:\Program Files\BitLord\Diablo II\support\images\proxy.jpg
C:\Program Files\BitLord\Diablo II\support\images\readme.gif
C:\Program Files\BitLord\Diablo II\support\images\readme.jpg
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc1.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc2.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\sc3.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg1.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg2.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg3.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg4.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wg5.gif
C:\Program Files\BitLord\Diablo II\support\images\wingate\wingate.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc1.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc2.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\sc3.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\winproxy.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp1.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp2.gif
C:\Program Files\BitLord\Diablo II\support\images\winproxy\wp3.gif
C:\Program Files\BitLord\Diablo II\support\include\support.css
C:\Program Files\BitLord\Diablo II\support\index.htm
C:\Program Files\BitLord\Diablo II\xreadme.htm
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar - 101 - The Boy In The Iceberg & 102 - The Avatar Returns.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar - 104 - The Warriors Of Kyoshi.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E03.-.The.Southern.Air.Temple.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E05.-.The.King.of.Omashu.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E06.-.Imprisoned.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E07.-.The.Spirit.World.(Winter.Solstice,Part.One).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E08.-.Avatar.Roku.(Winter.Solstice,Part.Two).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E09.-.The.Waterbending.Scroll.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E10.-.Jet.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E11.-.The.Great.Divide.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E12.-.The.Storm.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E13.-.The.Blue.Spirit.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E14.-.The.Fortuneteller.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E15.-.Bato.of.the.Water.Tribe.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E16.-.The.Deserter.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E17.-.The.Northern.Air.Temple.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E18.-.The.Waterbending.Master.DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E19.-.The.Siege.of.the.North.(Part.One).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 1 - Water\Avatar.The.Last.Airbender.-.S01E20.-.The.Siege.of.the.North.(Part.Two).DVDRip.XviD [WatchAvatarTV.com].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 05 - Avatar Day.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 10 - The Library.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 11 - The Desert.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 12 - The Serpent's Pass (Secret Of the Fire Nation Part 1).mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 13 - The Drill.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 14 - City of Walls and Secrets.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 16 - Appa's Lost Days.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 17 - Lake Laogai.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 18 - The Earth King.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 19 & 20 (The Guru, The Crossroads of Destiny) .mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 6 - The Blind Bandit.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 7 - Zuko Alone.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 - Chapter 8 - Chase.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 1 - The Avatar State.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 15 - Tales of Ba Sing Se.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Chapter 9 - Bitter Work.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 03- Return to Omashu.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 2 - The Cave of Two Lovers.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 2 - Earth\Avatar - The Last Airbender - Book 2 Earth - Chapter 4 - The Swamp.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar- The Last Airbender - Book 3- chapter 10 - The day of the black sun part 1 The invasion.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - 06 - The Avatar and the Firelord [Eng)].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 03 - The Painted Lady.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 1 - The Awakening.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 11 - The Day of Black Sun part 2 the eclipse.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 12 - The Western Air Temple [C-W].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 14 - The Boiling Rock, Part 1.mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 15 - The Boiling Rock, Part 2.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 2 - The Headband.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 4 - Sokka's Master' [NICK-usotsuki] [4BD71D1D].avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 5 - The Beach.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 7 - The Runaway.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 8 - The Puppetmaster.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar - The Last Airbender - Book 3 - Chapter 9 - (Nightmares and Daydreams).avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar 318-321 Sozin's Comet [Common].mp4
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar The Last Airbender - book 3 - chapter 13 - The Firebending Masters.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar the Last Airbender - Book 3 - Chapter 16 - The Southern Raiders.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\Avatar The Last Airbender - Book 3 Chapters 18-21 - Sozin's Comet.avi
C:\Program Files\BitLord\Downloads\Avatar\Book 3 - Fire\The Avatar - 317 - The Ember Island Players {C_P}.avi
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccDec.dll
C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll
C:\Program Files\Common Files\Symantec Shared\ccErrDsp.dll
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.CHM
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\Common Files\Symantec Shared\ccProd.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccPwd.dll
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccScan.dll
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\ccWebWnd.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2EXE.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2MIME.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
C:\Program Files\Common Files\Symantec Shared\Default.rul
C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
C:\Program Files\Common Files\Symantec Shared\Help\LUALL.chm
C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe
C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe
C:\Program Files\Common Files\Symantec Shared\Persist.BAK
C:\Program Files\Common Files\Symantec Shared\Persist.Dat
C:\Program Files\Common Files\Symantec Shared\sevinst.exe
C:\Program Files\Common Files\Symantec Shared\SNDInst.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SSC\ExchngUI.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\IMailUI.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDDateTm.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPDlgs.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\ldvpui.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx
C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll
C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll
C:\Program Files\Common Files\Symantec Shared\Validate.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\CATALOG.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\cceraser.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.grd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.sig
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.spm
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ERASER.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\esrdef.bin
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\HH
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVENG32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX15.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NAVEX32A.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\NCSACERT.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SCRAUTH.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SymErase.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\SymErase.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCDEFS.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCSCAN7.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCSCAN8.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TCSCAN9.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TECHNOTE.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TINF.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TINFIDX.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TINFL.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TSCAN1.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\TSCAN1HD.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\V.GRD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\V.SIG
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN1.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN2.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN3.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN4.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN5.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN6.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN7.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN8.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCAN9.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\VIRSCANT.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\vscanmsx.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\WHATSNEW.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070914.008\ZDONE.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\CATALOG.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\cceraser.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ECBOOTIL.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ECMSVR32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ERASER.grd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ERASER.sig
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ERASER.spm
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ERASER.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\esrdef.bin
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\HH
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVENG.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVENG.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVENG.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVENG32.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVEX15.EXP
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVEX15.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVEX15.VXD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NAVEX32A.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\NCSACERT.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\SCRAUTH.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\SymErase.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\SymErase.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TCDEFS.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TCSCAN7.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TCSCAN8.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TCSCAN9.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TECHNOTE.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TINF.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TINFIDX.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TINFL.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TSCAN1.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\TSCAN1HD.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\V.GRD
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\V.SIG
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN1.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN2.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN3.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN4.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN5.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN6.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN7.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN8.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCAN9.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\VIRSCANT.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\vscanmsx.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\WHATSNEW.TXT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070921.019\ZDONE.DAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\catalog.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecbootil.vxd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\hh
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.exp
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.vxd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.exp
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.vxd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ncsacert.txt
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\scrauth.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan7.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan9.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\technote.txt
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinf.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfidx.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfl.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1hd.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.grd
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.sig
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan1.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan2.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan3.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan4.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan5.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan6.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan7.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\whatsnew.txt
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\zdone.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\lulock.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub\virscant.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat
C:\Program Files\LimeWire
C:\Program Files\LimeWire\hs_err_pid3876.log
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-codec-1.3.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\dnsjava.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\hsqldb.jar
C:\Program Files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
C:\Program Files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
C:\Program Files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\jaudiotagger.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\onion-common.jar
C:\Program Files\LimeWire\lib\onion-fec.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Symantec AntiVirus
C:\Program Files\Symantec AntiVirus\Cliproxy.dll
C:\Program Files\Symantec AntiVirus\Cliscan.dll
C:\Program Files\Symantec AntiVirus\clninst.bat
C:\Program Files\Symantec AntiVirus\COUNTRY.DAT
C:\Program Files\Symantec AntiVirus\Dec2.dll
C:\Program Files\Symantec AntiVirus\Dec2AMG.dll
C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll
C:\Program Files\Symantec AntiVirus\Dec2CAB.dll
C:\Program Files\Symantec AntiVirus\Dec2EXE.dll
C:\Program Files\Symantec AntiVirus\Dec2GHO.dll
C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll
C:\Program Files\Symantec AntiVirus\Dec2HQX.dll
C:\Program Files\Symantec AntiVirus\Dec2ID.dll
C:\Program Files\Symantec AntiVirus\Dec2LHA.dll
C:\Program Files\Symantec AntiVirus\Dec2LZ.dll
C:\Program Files\Symantec AntiVirus\Dec2MIME.dll
C:\Program Files\Symantec AntiVirus\Dec2RTF.dll
C:\Program Files\Symantec AntiVirus\Dec2SS.dll
C:\Program Files\Symantec AntiVirus\Dec2TAR.dll
C:\Program Files\Symantec AntiVirus\Dec2Text.dll
C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll
C:\Program Files\Symantec AntiVirus\Dec2UUE.dll
C:\Program Files\Symantec AntiVirus\Dec2Zip.dll
C:\Program Files\Symantec AntiVirus\Dec3.cfg
C:\Program Files\Symantec AntiVirus\DecSDK.dll
C:\Program Files\Symantec AntiVirus\Default.hst
C:\Program Files\Symantec AntiVirus\DefUtDCD.dll
C:\Program Files\Symantec AntiVirus\DefUtDCS.dll
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\DWHWizrd.exe
C:\Program Files\Symantec AntiVirus\ecmldr32.DLL
C:\Program Files\Symantec AntiVirus\I2ldvp3.dll
C:\Program Files\Symantec AntiVirus\IMail.dll
C:\Program Files\Symantec AntiVirus\LDVPREG.exe
C:\Program Files\Symantec AntiVirus\LuaWrap.exe
C:\Program Files\Symantec AntiVirus\LuHstEdt.dll
C:\Program Files\Symantec AntiVirus\NAVAPI32.DLL
C:\Program Files\Symantec AntiVirus\NAVLU.dll
C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL
C:\Program Files\Symantec AntiVirus\nnewdefs.dll
C:\Program Files\Symantec AntiVirus\OEHeur.dll
C:\Program Files\Symantec AntiVirus\PATCH32I.DLL
C:\Program Files\Symantec AntiVirus\PLATFORM.DAT
C:\Program Files\Symantec AntiVirus\qscomm32.dll
C:\Program Files\Symantec AntiVirus\QsInfo.dll
C:\Program Files\Symantec AntiVirus\qspak32.dll
C:\Program Files\Symantec AntiVirus\Rec2.dll
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\SAVCProd.dll
C:\Program Files\Symantec AntiVirus\SavEmail.dll
C:\Program Files\Symantec AntiVirus\savhelp.chm
C:\Program Files\Symantec AntiVirus\savmain.chm
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\savrt.cat
C:\Program Files\Symantec AntiVirus\savrt.dat
C:\Program Files\Symantec AntiVirus\savrt.inf
C:\Program Files\Symantec AntiVirus\savrt.sys
C:\Program Files\Symantec AntiVirus\SavRT32.dll
C:\Program Files\Symantec AntiVirus\savrtpel.cat
C:\Program Files\Symantec AntiVirus\savrtpel.inf
C:\Program Files\Symantec AntiVirus\Savrtpel.sys
C:\Program Files\Symantec AntiVirus\SCANCFG.DAT
C:\Program Files\Symantec AntiVirus\SCANDLVR.DLL
C:\Program Files\Symantec AntiVirus\SCANDRES.DLL
C:\Program Files\Symantec AntiVirus\SDPCK32I.DLL
C:\Program Files\Symantec AntiVirus\SDSND32I.DLL
C:\Program Files\Symantec AntiVirus\SDSOK32I.DLL
C:\Program Files\Symantec AntiVirus\SDSTP32I.DLL
C:\Program Files\Symantec AntiVirus\SMSTR32I.DLL
C:\Program Files\Symantec AntiVirus\SRTLEXCL.DAT
C:\Program Files\Symantec AntiVirus\SRTSEXCL.DAT
C:\Program Files\Symantec AntiVirus\SymClnUp.exe
C:\Program Files\Symantec AntiVirus\Virus Defs\CATALOG.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\ECBOOTIL.VXD
C:\Program Files\Symantec AntiVirus\Virus Defs\ECMSVR32.DLL
C:\Program Files\Symantec AntiVirus\Virus Defs\HH
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVENG.EXP
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVENG.SYS
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVENG.VXD
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVENG32.DLL
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVEX15.EXP
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVEX15.SYS
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVEX15.VXD
C:\Program Files\Symantec AntiVirus\Virus Defs\NAVEX32A.DLL
C:\Program Files\Symantec AntiVirus\Virus Defs\NCSACERT.TXT
C:\Program Files\Symantec AntiVirus\Virus Defs\SCRAUTH.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\SYMAVENG.CAT
C:\Program Files\Symantec AntiVirus\Virus Defs\SYMAVENG.INF
C:\Program Files\Symantec AntiVirus\Virus Defs\TCDEFS.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TCSCAN7.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TCSCAN8.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TCSCAN9.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TECHNOTE.TXT
C:\Program Files\Symantec AntiVirus\Virus Defs\TINF.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TINFIDX.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TINFL.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TSCAN1.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\TSCAN1HD.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\V.GRD
C:\Program Files\Symantec AntiVirus\Virus Defs\V.SIG
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN.INF
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN1.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN2.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN3.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN4.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN5.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN6.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN7.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN8.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCAN9.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\VIRSCANT.DAT
C:\Program Files\Symantec AntiVirus\Virus Defs\WHATSNEW.TXT
C:\Program Files\Symantec AntiVirus\Virus Defs\ZDONE.DAT
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Symantec AntiVirus\VPDN_LU.exe
C:\Program Files\Symantec AntiVirus\vpmsece.dll
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Temp\mtc2
C:\Temp\mtc2\h5v.log
C:\WINDOWS\system32\mC02
C:\WINDOWS\system32\ssqNeEuv.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2008-09-28 16:06 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Sun
2008-09-25 09:50 . 2008-09-25 09:52 <DIR> d-------- C:\Documents and Settings\soseberg\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-25 09:50 . 2008-09-25 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-24 05:42 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-24 02:15 . 2008-09-24 02:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-23 16:31 . 2008-09-23 16:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\Program Files\Microsoft Games
2008-09-20 01:09 . 2008-09-20 01:09 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-09-20 01:09 . 2008-09-20 01:40 41,509 --a------ C:\WINDOWS\DIIUnin.dat
2008-09-20 01:09 . 2008-09-20 01:09 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-09-16 19:23 . 2008-09-20 01:38 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-09-16 19:23 . 2008-09-20 01:38 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-09-16 19:23 . 2008-09-20 01:38 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 16:37 1,838 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-28 23:06 --------- d-----w C:\Program Files\Java
2008-09-25 16:21 --------- d-----w C:\Program Files\Mjcore
2008-09-24 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 06:44 --------- d-----w C:\Program Files\Viewpoint
2008-09-22 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-19 04:16 --------- d-----w C:\Program Files\InterActual
2008-09-17 09:09 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 04:19 --------- d-----w C:\Program Files\Conduit
2008-09-02 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-26 18:50 153,483 ----a-w C:\WINDOWS\system32\g6.exe
2008-08-25 18:32 --------- d-----w C:\Program Files\Google
2008-08-21 08:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-08-21 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 21:51 355 ----a-w C:\334.bat
2008-08-18 21:42 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-18 21:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\ComcastToolbar
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\soseberg\Application Data\AOL
2008-08-18 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-18 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-08-11 05:04 1,491,111 --sha-w C:\WINDOWS\system32\gqkondov.tmp
2008-08-10 18:57 77 ----a-w C:\Documents and Settings\soseberg\9123.bat
2008-08-05 06:37 --------- d-----w C:\Program Files\Picasa2
2008-08-02 02:54 --------- d-----w C:\Documents and Settings\soseberg\Application Data\Uniblue
2008-08-02 02:03 --------- d-----w C:\Program Files\Bonjour
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-01-23 12:07 1,847,296 ----a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
2006-08-23 20:52 56 --sh--r C:\WINDOWS\system32\7BF3C4AD00.sys
.
((((((((((((((((((((((((((((( snapshot_2008-10-02_ 7.06.23.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 19:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_150.dat
+ 2008-10-02 19:22:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2006-06-14 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-06-22 629248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\soseberg\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\act.scheduler.exe [2006-08-23 53248]
S2 ClockDaemon;Clock Daemon;C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe [ ]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7199ba-5293-11dc-b410-00123f1296c3}]
\Shell\AutoRun\command - E:\Loaderw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70f64ae-6863-11db-b37c-00123f1296c3}]
\Shell\AutoRun\command - F:\Loaderw.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 12:29:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-02 12:31:59
ComboFix-quarantined-files.txt 2008-10-02 19:31:19
ComboFix2.txt 2008-10-02 14:06:53
ComboFix3.txt 2008-09-24 01:26:38
Pre-Run: 18,877,657,088 bytes free
Post-Run: 18,850,205,696 bytes free
868 --- E O F --- 2007-12-13 15:51:21
soseberg
2008-10-02, 21:56
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9513 bytes
soseberg
2008-10-02, 22:07
p.s. looking in add/remove programs & program files, I still see symantec liveupdate
C:\Program Files\Symantec\LiveUpdate
also - looking at bitlord, i found these remnants of WOW. should i delete? I will have to look closer at bitlord - my guess is it uses peering?
C:\Documents and Settings\Bitlord\WoW-2.3.0.7561-enUS\World of Warcraft (OS X).app\Contents\Resources
"the diabloII in the bitlord folder is a microsoft game my boys play - is there an issue with this game? (i did delete the bitlord folder, as you recommended)"
ComboFix removed it because it was installed inside BitLord folder.
If you can ensure that it is a legal game, I'm happy to help restoring it from ComboFix backups :)
"p.s. looking in add/remove programs & program files, I still see symantec liveupdate
C:\Program Files\Symantec\LiveUpdate"
Yes we didn't remove it yet. You can attempt to remove it first via add/remove programs.
soseberg
2008-10-03, 15:52
tried add/remove - get same fatal error
a new odd behavior: when I right-click start button, items in windows explorer or items on desktop, symantec tries to reinstall until i get an error that the server is not available (rather annoying)
re: WOW remnants in C:\Documents and Settings\Bitlord\WoW-2.3.0.7561-enUS\World of Warcraft (OS X).app\Contents\Resources
I mentioned to my son that I saw these. I notice this morning he deleted these remnants (but he did not empty the trash).
Ok, then we do this:
Copy text below to Notepad and save it as remsym.bat (save it as all files, *.*)
@ECHO OFF
del C:\Program Files\Symantec /s /q
sc stop ccSetMgr
sc delete ccSetMgr
sc stop DefWatch
sc delete DefWatch
sc stop SavRoam
sc delete SavRoam
sc stop SNDSrvc
sc delete SNDSrvc
sc stop "Symantec AntiVirus"
sc delete "Symantec AntiVirus"
del remsym.bat
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG
Doubleclick remsym.bat; black dos windows will flash, that's normal.
Reboot.
Post back a fresh HijackThis log.
soseberg
2008-10-03, 20:03
running remsys did not stop the pesky symantec reinstall attempts upon right click
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15, on 2008-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8785 bytes
At least it removed everything visible :)
Please download regsearch.zip (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) and save it to your desktop.
Right click on regsearch.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Once done, check (tick) the Show extracted files box and click Finish.
Double click on regsearch.exe to run it.
Copy and paste Symantec under Enter search strings (case independent) and click OK... (boxed up in red in the screenshot below).
http://xs224.xs.to/xs224/08073/regsearch184.png
Click OK.
When done, RegSearch.txt will open. Please post the contents of this file in your next reply. This file can also be found on your desktop or wherever regsearch is extracted to.
soseberg
2008-10-03, 22:43
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-03 13:27:48 for strings:
; 'symantec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\ProgID]
@="Symantec.stCheckForUpdates.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\VersionIndependentProgID]
@="Symantec.stCheckForUpdates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetTransferItem.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetTransferItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetBatchGet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\ProgID]
@="Symantec.SymNeti.SymNetiProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiProviderProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\ProgID]
@="Symantec.stLUProgressCallback.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\VersionIndependentProgID]
@="Symantec.stLUProgressCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\ProgID]
@="Symantec.stCallbackManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\VersionIndependentProgID]
@="Symantec.stCallbackManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}\InProcServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServerPS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\ProgID]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\VersionIndependentProgID]
@="Symantec.stLog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F0E0EE0-760F-11D2-8E55-72C9EE000000}\InProcServer32]
@="C:\\Program Files\\Symantec AntiVirus\\nnewdefs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}\InProcServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegComPS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\ProgID]
@="Symantec.luProductReg.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\VersionIndependentProgID]
@="Symantec.luProductReg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CEFD16C-91C2-4953-986E-EE77DE2DCF94}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\NetDetectController.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FBEF3C8-45A0-42E0-8C68-681C4EB26DF7}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\ProgID]
@="Symantec.luGroup.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\VersionIndependentProgID]
@="Symantec.luGroup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC128-E397-11D1-B7A0-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC129-E397-11D1-B7A0-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2707AAC6-C268-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\ProgID]
@="Symantec.stSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\VersionIndependentProgID]
@="Symantec.stSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\ProgID]
@="Symantec.stHostCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\VersionIndependentProgID]
@="Symantec.stHostCatalog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2BF-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C0-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C5962-08E2-4EC6-A21A-340838D6EDB5}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF5-CA86-11D1-B782-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF6-CA86-11D1-B782-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E694-4BB9-11D1-8190-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E695-4BB9-11D1-8190-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43943CCA-883C-11D1-83A4-00A0C9749EEF}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.EventManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.EventManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C34B690-D1B7-11D1-B041-00104B252EEA}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\SCANDLVR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}]
@="Symantec AntiVirus UI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C3-B82E-11D1-8252-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44C-4977-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44F-4977-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B4A5AE-0799-11D1-812A-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\ProgID]
@="Symantec.SymNeti.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiSubscriberProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\ProgID]
@="Symantec.stPatchCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\VersionIndependentProgID]
@="Symantec.stPatchCatalog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\ProgID]
@="Symantec.stPatch.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\VersionIndependentProgID]
@="Symantec.stPatch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72E2440E-EBEA-49E6-A185-1BE03F723E28}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365837-F578-11D1-B7B2-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365838-F578-11D1-B7B2-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\ProgID]
@="Symantec.stDisScriptEngine.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\VersionIndependentProgID]
@="Symantec.stDisScriptEngine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9145BD-703D-11D1-81C9-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\ProgID]
@="Symantec.CommonClient.ccSetMgr.SettingsService.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetMgr.SettingsService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6F6788-4009-11D1-8184-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{921BD9FB-4963-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6BCDF39-8909-45B1-B614-1231B027E78F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C7-8A99-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\ProgID]
@="Symantec.CommonClient.ccPassword.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\VersionIndependentProgID]
@="Symantec.CommonClient.ccPassword"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAD-D866-11D1-B78C-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C6365-7218-11D0-8865-444553540000}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDA77241-42F6-11D0-85E2-00AA001FE28C}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEE62D80-4A07-11D1-818E-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\ProgID]
@="Symantec.stInetGetFile.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetGetFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248A-513E-11D1-8194-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248B-513E-11D1-8194-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9A87C58-9683-4644-80BC-90D8462CE326}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\ProgID]
@="Symantec.CommonClient.ccProSub.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.SubscriberProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1D0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1E0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\ProgID]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2026-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2027-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\ProgID]
@="Symantec.CommonClient.ccProSub.ProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.ProviderProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\ProgID]
@="Symantec.stHost.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\VersionIndependentProgID]
@="Symantec.stHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894628-B91D-11D1-8254-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894629-B91D-11D1-8254-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\ProgID]
@="Symantec.stInetConnParms.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetConnParms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB8-C27D-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\497CA84818B8A04418EA464733D75B72]
"ProductName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\497CA84818B8A04418EA464733D75B72\SourceList]
"PackageName"="Symantec AntiVirus.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LDVPUI.LDVPUICtrl.1]
@="Symantec AntiVirus UI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveupdateFile\DefaultIcon]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.EventManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.LogManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CurVer]
@="Symantec.CommonClient.ccPassword.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CurVer]
@="Symantec.CommonClient.ccProSub.ProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CurVer]
@="Symantec.CommonClient.ccProSub.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]
@="Symantec.CommonClient.ccSetMgr.SettingsService.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CurVer]
@="Symantec.luGroup.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CurVer]
@="Symantec.luProductReg.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CurVer]
@="Symantec.stCallbackManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CurVer]
@="Symantec.stCheckForUpdates.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CurVer]
@="Symantec.stDisScriptEngine.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CurVer]
@="Symantec.stHost.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CurVer]
@="Symantec.stHostCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CurVer]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CurVer]
@="Symantec.stInetConnParms.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CurVer]
@="Symantec.stInetGetFile.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CurVer]
@="Symantec.stInetTransferItem.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CurVer]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CurVer]
@="Symantec.stLUProgressCallback.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CurVer]
@="Symantec.stPatch.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
@="Symantec.stPatchCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
@="Symantec.stSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{941F23D1-BD56-4F90-B99F-134D55D86053}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\NetDetectController.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
soseberg
2008-10-03, 23:06
i keep getting time outs trying to post the rest of this...
Fatal error: Maximum execution time of 30 seconds exceeded in /arrayx/www/forums/includes/functions.php on line 1736
I will keep trying.
btw - do you know how to do a char count in txt editor?
soseberg
2008-10-03, 23:13
P.S.
will you recommend a free zip application? I am using WinRAR on a trial period, and it is time to uninstall the SW since I don't want to buy it.
soseberg
2008-10-04, 07:50
it is 83 pages, 163,760 chars (per word) - but the forum char count don't agree w/the forum web count
keep getting fatal error...
Fatal error: Maximum execution time of 30 seconds exceeded in /arrayx/www/forums/includes/functions.php on line 1736
gonna try slicing into 4 in lieu of 3...
if you do not see the log here, is there a way to email the log as an attachment?
soseberg
2008-10-04, 07:55
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-03 13:27:48 for strings:
; 'symantec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\ProgID]
@="Symantec.stCheckForUpdates.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\VersionIndependentProgID]
@="Symantec.stCheckForUpdates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetTransferItem.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetTransferItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetBatchGet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\ProgID]
@="Symantec.SymNeti.SymNetiProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiProviderProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\ProgID]
@="Symantec.stLUProgressCallback.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}\VersionIndependentProgID]
@="Symantec.stLUProgressCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\ProgID]
@="Symantec.stCallbackManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\VersionIndependentProgID]
@="Symantec.stCallbackManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}\InProcServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServerPS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\ProgID]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\VersionIndependentProgID]
@="Symantec.stLog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F0E0EE0-760F-11D2-8E55-72C9EE000000}\InProcServer32]
@="C:\\Program Files\\Symantec AntiVirus\\nnewdefs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}\InProcServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegComPS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\ProgID]
@="Symantec.luProductReg.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\VersionIndependentProgID]
@="Symantec.luProductReg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CEFD16C-91C2-4953-986E-EE77DE2DCF94}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\NetDetectController.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FBEF3C8-45A0-42E0-8C68-681C4EB26DF7}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\ProgID]
@="Symantec.luGroup.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}\VersionIndependentProgID]
@="Symantec.luGroup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC128-E397-11D1-B7A0-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC129-E397-11D1-B7A0-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2707AAC6-C268-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\ProgID]
@="Symantec.stSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}\VersionIndependentProgID]
@="Symantec.stSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\ProgID]
@="Symantec.stHostCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}\VersionIndependentProgID]
@="Symantec.stHostCatalog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2BF-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C0-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C5962-08E2-4EC6-A21A-340838D6EDB5}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF5-CA86-11D1-B782-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF6-CA86-11D1-B782-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E694-4BB9-11D1-8190-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E695-4BB9-11D1-8190-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43943CCA-883C-11D1-83A4-00A0C9749EEF}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.EventManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.EventManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C34B690-D1B7-11D1-B041-00104B252EEA}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\SCANDLVR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}]
@="Symantec AntiVirus UI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C3-B82E-11D1-8252-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44C-4977-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44F-4977-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B4A5AE-0799-11D1-812A-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\ProgID]
@="Symantec.SymNeti.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}\VersionIndependentProgID]
@="Symantec.SymNeti.SymNetiSubscriberProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\ProgID]
@="Symantec.stPatchCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}\VersionIndependentProgID]
@="Symantec.stPatchCatalog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\ProgID]
@="Symantec.stPatch.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\VersionIndependentProgID]
@="Symantec.stPatch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72E2440E-EBEA-49E6-A185-1BE03F723E28}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365837-F578-11D1-B7B2-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365838-F578-11D1-B7B2-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\ProgID]
@="Symantec.stDisScriptEngine.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}\VersionIndependentProgID]
@="Symantec.stDisScriptEngine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9145BD-703D-11D1-81C9-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\ProgID]
@="Symantec.CommonClient.ccSetMgr.SettingsService.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetMgr.SettingsService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6F6788-4009-11D1-8184-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{921BD9FB-4963-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6BCDF39-8909-45B1-B614-1231B027E78F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C7-8A99-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\ProgID]
@="Symantec.CommonClient.ccPassword.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}\VersionIndependentProgID]
@="Symantec.CommonClient.ccPassword"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\LocalServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\ProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\VersionIndependentProgID]
@="Symantec.CommonClient.ccEvtMgr.LogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAD-D866-11D1-B78C-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C6365-7218-11D0-8865-444553540000}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDA77241-42F6-11D0-85E2-00AA001FE28C}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEE62D80-4A07-11D1-818E-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\ProgID]
@="Symantec.stInetGetFile.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetGetFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248A-513E-11D1-8194-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248B-513E-11D1-8194-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9A87C58-9683-4644-80BC-90D8462CE326}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\ProgID]
@="Symantec.CommonClient.ccProSub.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.SubscriberProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1D0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1E0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\ProgID]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\VersionIndependentProgID]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2026-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2027-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\ProgID]
@="Symantec.CommonClient.ccProSub.ProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}\VersionIndependentProgID]
@="Symantec.CommonClient.ccProSub.ProviderProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\ProgID]
@="Symantec.stHost.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}\VersionIndependentProgID]
@="Symantec.stHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894628-B91D-11D1-8254-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894629-B91D-11D1-8254-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\ProgID]
@="Symantec.stInetConnParms.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetConnParms"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB8-C27D-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\497CA84818B8A04418EA464733D75B72]
"ProductName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\497CA84818B8A04418EA464733D75B72\SourceList]
"PackageName"="Symantec AntiVirus.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LDVPUI.LDVPUICtrl.1]
@="Symantec AntiVirus UI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveupdateFile\DefaultIcon]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.EventManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.LogManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag\CurVer]
@="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword\CurVer]
@="Symantec.CommonClient.ccPassword.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy\CurVer]
@="Symantec.CommonClient.ccProSub.ProviderProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy\CurVer]
@="Symantec.CommonClient.ccProSub.SubscriberProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]
@="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]
@="Symantec.CommonClient.ccSetMgr.SettingsService.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup\CurVer]
@="Symantec.luGroup.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg\CurVer]
@="Symantec.luProductReg.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager\CurVer]
@="Symantec.stCallbackManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates\CurVer]
@="Symantec.stCheckForUpdates.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine\CurVer]
@="Symantec.stDisScriptEngine.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost\CurVer]
@="Symantec.stHost.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog\CurVer]
@="Symantec.stHostCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet\CurVer]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms\CurVer]
@="Symantec.stInetConnParms.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile\CurVer]
@="Symantec.stInetGetFile.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem\CurVer]
@="Symantec.stInetTransferItem.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog\CurVer]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback\CurVer]
@="Symantec.stLUProgressCallback.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch\CurVer]
@="Symantec.stPatch.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CLSID]
soseberg
2008-10-04, 08:01
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
@="Symantec.stPatchCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
@="Symantec.stSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{941F23D1-BD56-4F90-B99F-134D55D86053}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\NetDetectController.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\DLLUsage\VP6]
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="9.0.338"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"="9.0.338"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion]
"Home Directory"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Common]
"SelectedMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"WarningMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"SenderMessage"="Symantec AntiVirus found a virus in an attachment you (~D) sent to ~I.
To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment.
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine3]
"ProductName"="Symantec AntiVirus Corporate Client NT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions]
"SAVCORP90"="4.0;C:\\Program Files\\Symantec AntiVirus\\vpmsece.dll;1;00000011111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
"PATH"="C:\\Program Files\\Common Files\\Symantec Shared\\;"
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LUALL.EXE]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"
"Path"="C:\\Program Files\\Symantec\\LiveUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VPC32.exe]
@="C:\\Program Files\\Symantec AntiVirus\\\\VPC32.exe"
"Path"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls]
"SYMLIVE"="C:\\Program Files\\Symantec\\LiveUpdate\\S32LUCP1.CPL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\APTemp\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\I2_LDVP.VDB\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Logs\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"=""
"C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\"=""
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"=""
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\"=""
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Symantec Client Security\\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0007E264C66416743963D7BDD4E2B7C8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LDVPREG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01110A84106428F40880B93192013FC2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DWHWizrd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01ABD917955355D4A84144CA3CB609AA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\022AFE82A764D864A8CD9B23D4A38F57]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C7935C8D887B948800BAE4ABE3C564]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2EXE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0723095E1EB7A3F4599FB8829DE20284]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075603C1A0A349649BF01150129CC6A5]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09BD02E0169E55A44BB0A041D2C449E5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B0D2DF9159AC314BAD5F67FE98F6398]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2ID.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DC310B120C02754683F563C5C11B7CC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Validate.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E84B0475F3B7F84292D8B8BF4A0FAD3]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefUtDCD.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\121A95866D8C3E147A73AF2FE040249B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPDN_LU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\125695B83FF3EF745AE8D42E41D1E368]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\sevinst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1409F9F72CE9B2A4B9A2765A3A1E81A6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.SYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150FA3B991BBEBA41BF609AB43273898]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BCFAB3580A39841A2C9288D55C21DF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDPCK32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6AE69D474F3F4CA40C97240884521]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17BAD0AD61B75B64398F0A2154B4E93A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18073D53762F8D645924FD48C8BACE44]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\197986349ADD55E4791877C2F9FD1404]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB755D80FE34914080C323F73F3F7F8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D0E4A28D2B91874D8BFAAF0D7D48C94]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DE10FC25DE814440ADCDF53E037BC5E]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E17002306209BF498A5B184A6A4CD0C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1CD0F52203E4041B8C1F49ED12DAC2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\vpmsece.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F77298863CF8F449A01B1CD959B1FE1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\COUNTRY.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\203F9F5F4F3B1FE499FFF39DD06E0DDA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SAVCProd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\219438F63413C924CA5B1C2ED64087BF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NCSACERT.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\253D749F0295B08418625E282C0B20E8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A894AB0F40A174EB0A93E99D63C893]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27FD15E46829E1643A8717519FE78684]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2TNEF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28808A0D22C26CD48AE82330ADE8789F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2GZIP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\298EAB6682C3A3B4D8309EB13208D507]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINF.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29BB554C82ECCC44FB1791D4169A8F11]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SymClnUp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AF612196D264A54DAB3109CC2F64A3E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN9.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E00DABFCA5E67C4881DCCA176F25C67]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EE121971B29C064C864C5239C98CEF9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINFIDX.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\308369E2AB881E545BD28CDED907ED5A]
"497CA84818B8A04418EA464733D75B72"="02:\\SOFTWARE\\Symantec\\LiveUpdate\\Preferences\\All Transports Available"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316D91D98F2D37A4585D2DF5DACECF93]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31E285710D82D0C4FADFF97B867F2BB8]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\320A69A94DB9F36488B915AC4F80E442]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\331BFD9AFD37BAD45914687B44B716D0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN2.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35E89152EB5CD1D4CAB72A216BA94B6F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavEmail.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36509426D2A5F93419B575FEC08752DD]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37B018D38884D2043BBD8EAE6745979F]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3914ABCF0CE84A4498608C467AD9AB01]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B65FCFCDAFAFF843A056302829A669D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D818C45510B5394E975AFDD34C21F75]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SCRAUTH.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DEE68F0FC3313E4CAD8E4C3EBCBEC40]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Text.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Text.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E2AF2B8461F9B341AE996F816488D03]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E81A4DC21026924FB5FAF933085D236]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFC076946D23F747BCC49D3C49DAD2B]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4104FC2402715CE48B5F76E86269EAFA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANDLVR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\421D4B34EE9882B4D8068382B21C97A2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2LZ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433A4F345A4260C4BAB58E0D0FE2CA62]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN8.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441567AAA28618C46A8BACAAC9BD2047]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ecmldr32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4506881C8147E5C4898473908F999A6A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\452F176D393D2E842B78F854DF5D9D56]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\461CB5CCD4AE6B4438CE56243372952A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSOK32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4650327CD3FFB8644A07B95EF08E1533]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4749418146A5C4D44A311288648899BB]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN1.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4769CCBE90805494F9B0C1D7AD0F2F6C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\486376AD35E5B3D49940144BC46211F4]
"497CA84818B8A04418EA464733D75B72"="02:\\SOFTWARE\\Symantec\\InstalledApps\\SAV Install Directory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E583B84DF94840B69B71B9B9691C7]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CA4254E5D1DC3F41B7AAEE955FCDD65]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ECMSVR32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CB829E5237898741983A2C0FB59BAEF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50BBD0A1CB1FD3648A16157120DF2829]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TNEF.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TNEF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50E357748DE0DD840851872431DDB49B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RTF.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RTF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52329A5967EA7BE4396C59CEA602DECC]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5246FBA0D2725974B98D2F241801CE59]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\530B755CC7E4B0240B516CA62CE52FB0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN7.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\539D3B7957C58E141BAA69E8F67A3154]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53A119F546B8F0B4F8F6F980A73E0AC9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\ecmldr32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5549159AC4062D54397934DF6950AE35]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\IMail.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5645C240E90FDA14BAF1865CF63C602E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2TAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57257620AAEA0C242BDD7AB607B65379]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSLU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B459F6503E1DF8468F49D2D7090B64C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8408507AD2244D835B30D2FAE684E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TECHNOTE.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D5E3CA2F6ABC7843ACCA3FE7FA5C2C9]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DAD7F81C316EDA4993345FA879C659F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2MIME.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64B5C6D35D4BA694090534F8F4275822]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN9.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6591A502E6CED1F48BF7C76C53CBF8F2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANDRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\662D9B6A76F85894B95D3DA06DC598A1]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A964206D532614CAA674525C115B5A]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\670CE72E9F5EF7B42A9891043F5F6890]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689C01ED28E08AA46A7CFC2A5FC5BE5B]
"497CA84818B8A04418EA464733D75B72"="02:\\Software\\Symantec\\InstalledApps\\IDSDefs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6925106EE9D0AF740BCCD43F8907862F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TAR.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A98339CA4BE12046B79421363FDFA28]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\HH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D4CD7C5D5B674F42A653A41E32208C0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2GHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D8AC6C6E342F8E44A12D80B8D572F95]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2SS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EEA3CF07EBD65C48A3FE380BC2FF61E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LZ.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LZ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB241AAAF09D3840BC2241E9AF19C9A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Rec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70D2DE21FED8FF34C844F4A31D07101A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70F1A44A35ECA3A4E87039D639C5E73A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\717AB62A0DC6B434EA08A1A45AC41341]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccDec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71DECD1F77D7E3546ACEC3E68CA8D0D7]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavRT32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72DD961BBCB9085489897E100B268A1B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.EXP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\732889D137C8A784D8AF276C5D5A9C80]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN7.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74A47876014BF1D41A0C231D7930868B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN4.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75AD138F296CAC145BAD1206F9BE78A0]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76A5F6DF743589646A86A23EC64F3FD5]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\795ACC80F6B8CA9468B4BEE3453CE063]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.SYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79768F9785BA38542BCF92E51B008096]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\nnewdefs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A0490666E0FE7143B0EC6D2888CCFBD]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E0766AE391E7FC46A6253340D25FD6A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savmain.chm"
soseberg
2008-10-04, 08:08
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog\CurVer]
@="Symantec.stPatchCatalog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings\CurVer]
@="Symantec.stSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\0\win32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}\1.0\HELPDIR]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{941F23D1-BD56-4F90-B99F-134D55D86053}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\0\win32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\NetDetectController.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec\\LiveUpdate\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\DLLUsage\VP6]
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"="9.0.338"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="9.0.338"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"="9.0.338"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion]
"Home Directory"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Common]
"SelectedMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"WarningMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"SenderMessage"="Symantec AntiVirus found a virus in an attachment you (~D) sent to ~I.
To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment.
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine3]
"ProductName"="Symantec AntiVirus Corporate Client NT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient]
"ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions]
"SAVCORP90"="4.0;C:\\Program Files\\Symantec AntiVirus\\vpmsece.dll;1;00000011111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
"PATH"="C:\\Program Files\\Common Files\\Symantec Shared\\;"
@="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LUALL.EXE]
@="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"
"Path"="C:\\Program Files\\Symantec\\LiveUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VPC32.exe]
@="C:\\Program Files\\Symantec AntiVirus\\\\VPC32.exe"
"Path"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls]
"SYMLIVE"="C:\\Program Files\\Symantec\\LiveUpdate\\S32LUCP1.CPL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\APTemp\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\I2_LDVP.VDB\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Logs\\"="1"
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\"="1"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"=""
"C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\"=""
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"=""
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\"=""
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Symantec Client Security\\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0007E264C66416743963D7BDD4E2B7C8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LDVPREG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01110A84106428F40880B93192013FC2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DWHWizrd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01ABD917955355D4A84144CA3CB609AA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\022AFE82A764D864A8CD9B23D4A38F57]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C7935C8D887B948800BAE4ABE3C564]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2EXE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0723095E1EB7A3F4599FB8829DE20284]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075603C1A0A349649BF01150129CC6A5]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09BD02E0169E55A44BB0A041D2C449E5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B0D2DF9159AC314BAD5F67FE98F6398]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2ID.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DC310B120C02754683F563C5C11B7CC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Validate.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E84B0475F3B7F84292D8B8BF4A0FAD3]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefUtDCD.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\121A95866D8C3E147A73AF2FE040249B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPDN_LU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\125695B83FF3EF745AE8D42E41D1E368]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\sevinst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1409F9F72CE9B2A4B9A2765A3A1E81A6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.SYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150FA3B991BBEBA41BF609AB43273898]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BCFAB3580A39841A2C9288D55C21DF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDPCK32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6AE69D474F3F4CA40C97240884521]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17BAD0AD61B75B64398F0A2154B4E93A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18073D53762F8D645924FD48C8BACE44]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\197986349ADD55E4791877C2F9FD1404]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB755D80FE34914080C323F73F3F7F8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D0E4A28D2B91874D8BFAAF0D7D48C94]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DE10FC25DE814440ADCDF53E037BC5E]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E17002306209BF498A5B184A6A4CD0C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1CD0F52203E4041B8C1F49ED12DAC2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\vpmsece.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F77298863CF8F449A01B1CD959B1FE1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\COUNTRY.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\203F9F5F4F3B1FE499FFF39DD06E0DDA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SAVCProd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\219438F63413C924CA5B1C2ED64087BF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NCSACERT.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\253D749F0295B08418625E282C0B20E8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A894AB0F40A174EB0A93E99D63C893]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27FD15E46829E1643A8717519FE78684]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2TNEF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28808A0D22C26CD48AE82330ADE8789F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2GZIP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\298EAB6682C3A3B4D8309EB13208D507]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINF.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29BB554C82ECCC44FB1791D4169A8F11]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SymClnUp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AF612196D264A54DAB3109CC2F64A3E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN9.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E00DABFCA5E67C4881DCCA176F25C67]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EE121971B29C064C864C5239C98CEF9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINFIDX.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\308369E2AB881E545BD28CDED907ED5A]
"497CA84818B8A04418EA464733D75B72"="02:\\SOFTWARE\\Symantec\\LiveUpdate\\Preferences\\All Transports Available"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316D91D98F2D37A4585D2DF5DACECF93]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31E285710D82D0C4FADFF97B867F2BB8]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\320A69A94DB9F36488B915AC4F80E442]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\331BFD9AFD37BAD45914687B44B716D0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN2.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35E89152EB5CD1D4CAB72A216BA94B6F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavEmail.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36509426D2A5F93419B575FEC08752DD]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37B018D38884D2043BBD8EAE6745979F]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3914ABCF0CE84A4498608C467AD9AB01]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B65FCFCDAFAFF843A056302829A669D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D818C45510B5394E975AFDD34C21F75]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SCRAUTH.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DEE68F0FC3313E4CAD8E4C3EBCBEC40]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Text.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Text.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E2AF2B8461F9B341AE996F816488D03]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E81A4DC21026924FB5FAF933085D236]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFC076946D23F747BCC49D3C49DAD2B]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4104FC2402715CE48B5F76E86269EAFA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANDLVR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\421D4B34EE9882B4D8068382B21C97A2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2LZ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433A4F345A4260C4BAB58E0D0FE2CA62]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN8.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441567AAA28618C46A8BACAAC9BD2047]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ecmldr32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4506881C8147E5C4898473908F999A6A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\452F176D393D2E842B78F854DF5D9D56]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\461CB5CCD4AE6B4438CE56243372952A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSOK32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4650327CD3FFB8644A07B95EF08E1533]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4749418146A5C4D44A311288648899BB]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN1.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4769CCBE90805494F9B0C1D7AD0F2F6C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\486376AD35E5B3D49940144BC46211F4]
"497CA84818B8A04418EA464733D75B72"="02:\\SOFTWARE\\Symantec\\InstalledApps\\SAV Install Directory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E583B84DF94840B69B71B9B9691C7]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CA4254E5D1DC3F41B7AAEE955FCDD65]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ECMSVR32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CB829E5237898741983A2C0FB59BAEF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50BBD0A1CB1FD3648A16157120DF2829]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TNEF.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TNEF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50E357748DE0DD840851872431DDB49B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RTF.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RTF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52329A5967EA7BE4396C59CEA602DECC]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5246FBA0D2725974B98D2F241801CE59]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\530B755CC7E4B0240B516CA62CE52FB0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN7.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\539D3B7957C58E141BAA69E8F67A3154]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53A119F546B8F0B4F8F6F980A73E0AC9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\ecmldr32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5549159AC4062D54397934DF6950AE35]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\IMail.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5645C240E90FDA14BAF1865CF63C602E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2TAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57257620AAEA0C242BDD7AB607B65379]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSLU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B459F6503E1DF8468F49D2D7090B64C]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8408507AD2244D835B30D2FAE684E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TECHNOTE.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D5E3CA2F6ABC7843ACCA3FE7FA5C2C9]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DAD7F81C316EDA4993345FA879C659F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2MIME.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64B5C6D35D4BA694090534F8F4275822]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN9.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6591A502E6CED1F48BF7C76C53CBF8F2]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANDRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\662D9B6A76F85894B95D3DA06DC598A1]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A964206D532614CAA674525C115B5A]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\670CE72E9F5EF7B42A9891043F5F6890]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689C01ED28E08AA46A7CFC2A5FC5BE5B]
"497CA84818B8A04418EA464733D75B72"="02:\\Software\\Symantec\\InstalledApps\\IDSDefs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6925106EE9D0AF740BCCD43F8907862F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TAR.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2TAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A98339CA4BE12046B79421363FDFA28]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\HH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D4CD7C5D5B674F42A653A41E32208C0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2GHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D8AC6C6E342F8E44A12D80B8D572F95]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2SS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EEA3CF07EBD65C48A3FE380BC2FF61E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LZ.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LZ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB241AAAF09D3840BC2241E9AF19C9A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Rec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70D2DE21FED8FF34C844F4A31D07101A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70F1A44A35ECA3A4E87039D639C5E73A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\717AB62A0DC6B434EA08A1A45AC41341]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccDec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71DECD1F77D7E3546ACEC3E68CA8D0D7]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SavRT32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72DD961BBCB9085489897E100B268A1B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.EXP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\732889D137C8A784D8AF276C5D5A9C80]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN7.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74A47876014BF1D41A0C231D7930868B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN4.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75AD138F296CAC145BAD1206F9BE78A0]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76A5F6DF743589646A86A23EC64F3FD5]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\795ACC80F6B8CA9468B4BEE3453CE063]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.SYS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79768F9785BA38542BCF92E51B008096]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\nnewdefs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A0490666E0FE7143B0EC6D2888CCFBD]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E0766AE391E7FC46A6253340D25FD6A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savmain.chm"
soseberg
2008-10-04, 08:11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\819E87494C4723B45800D6033BCC1761]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\841AE651E02091243A9B88AFB0AC6C7A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LuHstEdt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854F9CD2DF3D35C4691F1F93BA55A8BE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2HQX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85A6640347184DE419174A7D938EE4A3]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FB2592D75D45B4DA66315552889602]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86095466B37C0E2439C999C8734ACE74]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86D94728C433931458979C371144AC11]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\886C438BBCEB3B34BBA2959B96D59782]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SYMAVENG.CAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89A9407964B17F247A566F608906224F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savhelp.chm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BA4514F4285A044BA167737E8F5984E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN3.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CFE9A92E47366C4D8BDA666C4265808]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ZDONE.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA518D8300D4144FBF3C30A17DC0B74]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F6C8E11621FE1B4493B1749232D780E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX32A.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\906E809EEA460C24E9E07BA3848F2529]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91F31ECC41B96D243A45422551C96C23]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Zip.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Zip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9284075EBAFA2524A97FE13EB90107F6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\qspak32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92B1FBC2BB19F8E449B57B8A725C60A6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN.INF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\932F0A059FB9ABC40A82EA16631751E7]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\CATALOG.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9372E53F9E9D3E542BEFE92078F34B27]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9390D61626BCDCB419965BCE33EF44F9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\WHATSNEW.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\956B95676BE85A84DA3C38A66DE87EF4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RAR.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\958453EF741836F4BBE15CEF80455A58]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95AADCB20EDD7A44FA70DA3B6EA3B300]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95F27B56918757849A0200722CE06175]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\qscomm32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96443A54E01C3634C8C278DA21B260A1]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9774B9786310FF74BB53C7B03CB01005]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97DECBDE60A61F24B9747DC59772FD22]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TSCAN1.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98A908F509C436F43A1E953FE0E9EC00]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DecSDK.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\992DF40EA82049D46973729800B0109B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SYMAVENG.INF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A94DDAF26A43054091D654EE7E6C17A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINFL.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E38B3DC8CFB1A847A7BF1DA50E4493D]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F0D5E01FFCBEDD459A7E55164EC51FA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\clninst.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BACD3EDDFCFE04CBEF935265E342E2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A23D51D91BC1593468D63B29064215C4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSTP32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A49B22B4BF7F06441B3AF1D1FD9FFB8F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVAPI32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A50ED13B3B131AB4D94F9219F9FD2A9E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\V.SIG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A54A0A5E2EB288B428823EE49A3FB0E5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6A1D0DC76F98104BB42B4D6CEEFFF9B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2Text.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A77464867EB9BD8439B0D0E164572155]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccEmlPxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8DC89FAF3F52B3448C6E06B118C405E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2AMG.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2AMG.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9F561C1606D4884BA82680B3B3CC15F]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB316309998CCD04AB05CA3502231C36]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCDEFS.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2EXE.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2EXE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD1B6F6D0BA4B06429F76E1615E7AF72]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE842139D531885469A1CDC35A26B1F4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\DecSDK.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\DecSDK.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3F6A2DB538BA6E44B9404005AFB41E2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B465BB97013CDDB488C6688694AADC47]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Default.hst"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B52F433F5E29EAB45BB395AAF7F5083C]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2LHA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B53334EE7245ABE43A018BD12C5D4C90]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSND32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B657DA17F4745DF4FB043AFD8A6D8A96]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B84D9337F11F8BD40AA93AC699DF1F43]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929AC65371A796448D474A4C6CBC599]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2UUE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B954725E934126E4FA56EC324EA2AC16]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9B5013A40151AD41A78BCF1062B8BB4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9EBEB28E64D34C44BEA8117A9C4E7BC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\V.GRD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB26CE3D008E2FA499FDEE6A7A5B9335]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2CAB.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2CAB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC34C33A760187541916B896EC5DF549]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSCoLU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCD1A797A22A2444086E9E5F38AE3A76]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2MIME.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2MIME.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD554A3FBD0ED6B4AAD525CF1D8233AC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SMSTR32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE00FE1089252744389477AA6DD677C5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2ARJ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE6AEA47C44CE854791235345CE87CE6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LHA.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LHA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1AC78A74A3296B4BA739BA5E5766344]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2SS.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2SS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1D015D543A678D4088D751CA77430A5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ARJ.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ARJ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2C0DE96891BD8D47A1C6B99AFFC665A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C32E6437293544D4A8C13C39BAE0C4DD]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2CAB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C40012A775E54A34DAF406E96C623E75]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ECBOOTIL.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5922EEEC20E0AC47A00B13FFA6AD0CD]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5EB53E2E70016247917D6D2B1A3BF83]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D3108C6C0CBBB4BB528D653EB18E3B]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C70541D73BA95574FAE9CD378E5E3B42]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C73635218DFABF44FA389B3E3BF3D020]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\I2ldvp3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAE832C2BD80F8041A1ABA2FA9BDE468]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD5D8902AD64C7743B56FCA1DB3D37B2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDAF0D299B31D614A997AC7EFF57FE6F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\CCLGVIEW.CHM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDFF9BDE91468FA4893A207EF3172CCD]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE3BFA88F46D18A49A28938603FC0FC4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\PATCH32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D11819582C5CB9546B91021BE6986C95]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TSCAN1HD.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D132B96CE9755DD439B4C163BFB86857]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefUtDCS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D22A7456E1EC5144EAA1222DAF6E6330]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN5.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2EEB513BDC48C443B0FFC4606A08DFF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ID.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ID.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D372E80B9398B83459370A4AD076F4FA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2AMG.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4C317E99F72CD94E80229440898C76B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Default.rul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D585AF34227B2154BA7E47561BC1F9B7]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5C7E0ECE38B2204C81A6CAC7B563C1E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\OEHeur.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9C74F83EE4D0A44D80B7D4CAFCC96E8]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB37AD6F8B343624D8A21F9536E244D0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccScan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC7387A8D5086344DAA794B917FF9EA5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LuaWrap.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC77558AAB3765D42AB9A67B9D465C8A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDBDE39263120BA48A4447EE2CD07B18]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVNTUTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE6692E1170B7234EB5CFD71486A1C3F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2GZIP.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2GZIP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081C3D89E092634CA3410D94B2F952D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E530F11EAE069884DAFC1C734C284319]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5D10B41A2DDC0D4B9906E3E8D63161A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCANT.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6D4662DE51DDA24CA62E6F21AAE6EE1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2Zip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E73B25152A6C81B4580546FC77150DD9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVLU.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAC087BC46220E2478B66673EDFF200D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED493E8950DD165409D85C8C3BD24438]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF22F364C1A23C643AE004480F5EA9FE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\QsInfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF45D102C20B4734FAB39D8B3ACC47B1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANCFG.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F158A4B7B4D68274699DDD9237AA4845]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F17C3A8AA6513864387A2A2DEDE74860]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1ED2650479D1CA4593B666A0F217592]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN8.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3A068986CC26724696ED759EE677211]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\PLATFORM.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F42B98E5315CA254F98CB0E739C7CEA1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4573B163C0CAAE4A9159A0D4344A173]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F627AA2A2A2A44B459A7BDC7E3640D92]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2RTF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F640791D6781B144299BC34022526E89]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8354A9E39BC37340AAE05C855881DB8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN6.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8E6E6846AE5ED04E8E7EF768B83F3D9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA9E7BE60590FA34C94D692A56BD66E1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.EXP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\497CA84818B8A04418EA464733D75B72\InstallProperties]
"Comments"="Thank you for using Symantec security products."
; Contents of value:
; http://www.symantec.com/techsupp
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,2e,00,63,00,6f,00,6d,\
00,2f,00,74,00,65,00,63,00,68,00,73,00,75,00,70,00,70,00,00,00
"InstallLocation"="C:\\Program Files\\Symantec AntiVirus\\"
"Publisher"="Symantec Corporation"
"URLInfoAbout"="http://www.symantec.com"
"URLUpdateInfo"="http://www.symantec.com"
"DisplayName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Symantec Shared\\sevinst.exe"=dword:000001f4
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LIVE1.DLL"=dword:00000064
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LUIS1.DLL"=dword:00000064
"C:\\Program Files\\Symantec\\S32EVNT1.DLL"="2"
"C:\\Program Files\\Symantec\\SYMEVENT.SYS"="2"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSLU.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSCoLU.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccEmlPxy.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
"UninstallString"="C:\\Program Files\\Symantec\\LiveUpdate\\LSETUP.EXE /U"
"DisplayName"="LiveUpdate 2.0 (Symantec Corporation)"
"DisplayIcon"="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"
"URLInfoAbout"="http://www.symantec.com"
"InstallLocation"="C:\\Program Files\\Symantec\\LiveUpdate"
"UninstallPath"="C:\\Program Files\\Symantec\\LiveUpdate"
"Publisher"="Symantec Corporation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst]
"QuietUninstallString"="C:\\Program Files\\Common Files\\Symantec Shared\\SEVINST.EXE /U /Q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{848AC794-8B81-440A-81AE-6474337DB527}]
"Comments"="Thank you for using Symantec security products."
; Contents of value:
; http://www.symantec.com/techsupp
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,2e,00,63,00,6f,00,6d,\
00,2f,00,74,00,65,00,63,00,68,00,73,00,75,00,70,00,70,00,00,00
"InstallLocation"="C:\\Program Files\\Symantec AntiVirus\\"
"Publisher"="Symantec Corporation"
"URLInfoAbout"="http://www.symantec.com"
"URLUpdateInfo"="http://www.symantec.com"
"DisplayName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"Common Client Decomposers"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\"
"IDSDefs"="C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\"
"SAV Install Directory"="C:\\Program Files\\Symantec AntiVirus\\"
"SAVCE"="C:\\Program Files\\Symantec AntiVirus\\"
"Symantec Shared Directory"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\Preferences]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DefWatch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DefWatch\Handlers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\MicroDefs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage]
"LiveUpdate"="C:\\Program Files\\Symantec\\LiveUpdate"
"LiveUpdate1"="C:\\Program Files\\Symantec\\LiveUpdate"
@="C:\\Program Files\\Symantec"
"Location1"="C:\\Program Files\\Symantec"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50]
"InstallDir"="C:\\Program Files\\Symantec AntiVirus\\"
"SharedComponents"="C:\\Program Files\\Symantec"
"SymantecShared"="C:\\Program Files\\Common Files\\Symantec Shared"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Quarantine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\SAVCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\SymNetDrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD\SAVCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD\SymNetDrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SymNetDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
soseberg
2008-10-04, 08:15
LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\819E87494C4723B45800D6033BCC1761]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\841AE651E02091243A9B88AFB0AC6C7A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LuHstEdt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854F9CD2DF3D35C4691F1F93BA55A8BE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2HQX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85A6640347184DE419174A7D938EE4A3]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FB2592D75D45B4DA66315552889602]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86095466B37C0E2439C999C8734ACE74]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86D94728C433931458979C371144AC11]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\886C438BBCEB3B34BBA2959B96D59782]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SYMAVENG.CAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89A9407964B17F247A566F608906224F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savhelp.chm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BA4514F4285A044BA167737E8F5984E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN3.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CFE9A92E47366C4D8BDA666C4265808]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ZDONE.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA518D8300D4144FBF3C30A17DC0B74]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F6C8E11621FE1B4493B1749232D780E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX32A.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\906E809EEA460C24E9E07BA3848F2529]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91F31ECC41B96D243A45422551C96C23]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Zip.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2Zip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9284075EBAFA2524A97FE13EB90107F6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\qspak32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92B1FBC2BB19F8E449B57B8A725C60A6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN.INF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\932F0A059FB9ABC40A82EA16631751E7]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\CATALOG.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9372E53F9E9D3E542BEFE92078F34B27]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9390D61626BCDCB419965BCE33EF44F9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\WHATSNEW.TXT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\956B95676BE85A84DA3C38A66DE87EF4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RAR.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2RAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\958453EF741836F4BBE15CEF80455A58]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95AADCB20EDD7A44FA70DA3B6EA3B300]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95F27B56918757849A0200722CE06175]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\qscomm32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96443A54E01C3634C8C278DA21B260A1]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9774B9786310FF74BB53C7B03CB01005]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97DECBDE60A61F24B9747DC59772FD22]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TSCAN1.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98A908F509C436F43A1E953FE0E9EC00]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DecSDK.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\992DF40EA82049D46973729800B0109B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\SYMAVENG.INF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A94DDAF26A43054091D654EE7E6C17A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TINFL.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E38B3DC8CFB1A847A7BF1DA50E4493D]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Savrtpel.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F0D5E01FFCBEDD459A7E55164EC51FA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\clninst.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BACD3EDDFCFE04CBEF935265E342E2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A23D51D91BC1593468D63B29064215C4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSTP32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A49B22B4BF7F06441B3AF1D1FD9FFB8F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVAPI32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A50ED13B3B131AB4D94F9219F9FD2A9E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\V.SIG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A54A0A5E2EB288B428823EE49A3FB0E5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6A1D0DC76F98104BB42B4D6CEEFFF9B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2Text.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A77464867EB9BD8439B0D0E164572155]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccEmlPxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8DC89FAF3F52B3448C6E06B118C405E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2AMG.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2AMG.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9F561C1606D4884BA82680B3B3CC15F]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB316309998CCD04AB05CA3502231C36]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCDEFS.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2EXE.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2EXE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD1B6F6D0BA4B06429F76E1615E7AF72]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE842139D531885469A1CDC35A26B1F4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\DecSDK.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\DecSDK.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3F6A2DB538BA6E44B9404005AFB41E2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B465BB97013CDDB488C6688694AADC47]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Default.hst"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B52F433F5E29EAB45BB395AAF7F5083C]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2LHA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B53334EE7245ABE43A018BD12C5D4C90]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SDSND32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B657DA17F4745DF4FB043AFD8A6D8A96]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B84D9337F11F8BD40AA93AC699DF1F43]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929AC65371A796448D474A4C6CBC599]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2UUE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B954725E934126E4FA56EC324EA2AC16]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9B5013A40151AD41A78BCF1062B8BB4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9EBEB28E64D34C44BEA8117A9C4E7BC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\V.GRD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB26CE3D008E2FA499FDEE6A7A5B9335]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2CAB.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2CAB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC34C33A760187541916B896EC5DF549]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSCoLU.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCD1A797A22A2444086E9E5F38AE3A76]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2MIME.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2MIME.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD554A3FBD0ED6B4AAD525CF1D8233AC]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SMSTR32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE00FE1089252744389477AA6DD677C5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2ARJ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE6AEA47C44CE854791235345CE87CE6]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LHA.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2LHA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1AC78A74A3296B4BA739BA5E5766344]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2SS.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2SS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1D015D543A678D4088D751CA77430A5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ARJ.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ARJ.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2C0DE96891BD8D47A1C6B99AFFC665A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C32E6437293544D4A8C13C39BAE0C4DD]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2CAB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C40012A775E54A34DAF406E96C623E75]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\ECBOOTIL.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5922EEEC20E0AC47A00B13FFA6AD0CD]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5EB53E2E70016247917D6D2B1A3BF83]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D3108C6C0CBBB4BB528D653EB18E3B]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C70541D73BA95574FAE9CD378E5E3B42]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C73635218DFABF44FA389B3E3BF3D020]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\I2ldvp3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAE832C2BD80F8041A1ABA2FA9BDE468]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD5D8902AD64C7743B56FCA1DB3D37B2]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDAF0D299B31D614A997AC7EFF57FE6F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\CCLGVIEW.CHM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDFF9BDE91468FA4893A207EF3172CCD]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.VXD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE3BFA88F46D18A49A28938603FC0FC4]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\PATCH32I.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D11819582C5CB9546B91021BE6986C95]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TSCAN1HD.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D132B96CE9755DD439B4C163BFB86857]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\DefUtDCS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D22A7456E1EC5144EAA1222DAF6E6330]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN5.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2EEB513BDC48C443B0FFC4606A08DFF]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ID.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2ID.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D372E80B9398B83459370A4AD076F4FA]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2AMG.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4C317E99F72CD94E80229440898C76B]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Default.rul"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D585AF34227B2154BA7E47561BC1F9B7]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5C7E0ECE38B2204C81A6CAC7B563C1E]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\OEHeur.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9C74F83EE4D0A44D80B7D4CAFCC96E8]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB37AD6F8B343624D8A21F9536E244D0]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\ccScan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC7387A8D5086344DAA794B917FF9EA5]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\LuaWrap.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC77558AAB3765D42AB9A67B9D465C8A]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDBDE39263120BA48A4447EE2CD07B18]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVNTUTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE6692E1170B7234EB5CFD71486A1C3F]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2GZIP.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2GZIP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081C3D89E092634CA3410D94B2F952D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E530F11EAE069884DAFC1C734C284319]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5D10B41A2DDC0D4B9906E3E8D63161A]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCANT.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6D4662DE51DDA24CA62E6F21AAE6EE1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2Zip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E73B25152A6C81B4580546FC77150DD9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\NAVLU.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAC087BC46220E2478B66673EDFF200D]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED493E8950DD165409D85C8C3BD24438]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF22F364C1A23C643AE004480F5EA9FE]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\QsInfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF45D102C20B4734FAB39D8B3ACC47B1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\SCANCFG.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F158A4B7B4D68274699DDD9237AA4845]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F17C3A8AA6513864387A2A2DEDE74860]
"497CA84818B8A04418EA464733D75B72"="C?\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1ED2650479D1CA4593B666A0F217592]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\TCSCAN8.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3A068986CC26724696ED759EE677211]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\PLATFORM.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F42B98E5315CA254F98CB0E739C7CEA1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2.dll"
"00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\Dec2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4573B163C0CAAE4A9159A0D4344A173]
"497CA84818B8A04418EA464733D75B72"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
"00000000000000000000000000000000"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F627AA2A2A2A44B459A7BDC7E3640D92]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Dec2RTF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F640791D6781B144299BC34022526E89]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8354A9E39BC37340AAE05C855881DB8]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\VIRSCAN6.DAT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8E6E6846AE5ED04E8E7EF768B83F3D9]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVENG32.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA9E7BE60590FA34C94D692A56BD66E1]
"497CA84818B8A04418EA464733D75B72"="C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\NAVEX15.EXP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\497CA84818B8A04418EA464733D75B72\InstallProperties]
"Comments"="Thank you for using Symantec security products."
; Contents of value:
; http://www.symantec.com/techsupp
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,2e,00,63,00,6f,00,6d,\
00,2f,00,74,00,65,00,63,00,68,00,73,00,75,00,70,00,70,00,00,00
"InstallLocation"="C:\\Program Files\\Symantec AntiVirus\\"
"Publisher"="Symantec Corporation"
"URLInfoAbout"="http://www.symantec.com"
"URLUpdateInfo"="http://www.symantec.com"
"DisplayName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Symantec Shared\\sevinst.exe"=dword:000001f4
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LIVE1.DLL"=dword:00000064
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LUIS1.DLL"=dword:00000064
"C:\\Program Files\\Symantec\\S32EVNT1.DLL"="2"
"C:\\Program Files\\Symantec\\SYMEVENT.SYS"="2"
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSLU.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSCoLU.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\ccEmlPxy.dll"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
"UninstallString"="C:\\Program Files\\Symantec\\LiveUpdate\\LSETUP.EXE /U"
"DisplayName"="LiveUpdate 2.0 (Symantec Corporation)"
"DisplayIcon"="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"
"URLInfoAbout"="http://www.symantec.com"
"InstallLocation"="C:\\Program Files\\Symantec\\LiveUpdate"
"UninstallPath"="C:\\Program Files\\Symantec\\LiveUpdate"
"Publisher"="Symantec Corporation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst]
"QuietUninstallString"="C:\\Program Files\\Common Files\\Symantec Shared\\SEVINST.EXE /U /Q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{848AC794-8B81-440A-81AE-6474337DB527}]
"Comments"="Thank you for using Symantec security products."
; Contents of value:
; http://www.symantec.com/techsupp
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,2e,00,63,00,6f,00,6d,\
00,2f,00,74,00,65,00,63,00,68,00,73,00,75,00,70,00,70,00,00,00
"InstallLocation"="C:\\Program Files\\Symantec AntiVirus\\"
"Publisher"="Symantec Corporation"
"URLInfoAbout"="http://www.symantec.com"
"URLUpdateInfo"="http://www.symantec.com"
"DisplayName"="Symantec AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps]
"Common Client Decomposers"="C:\\Program Files\\Common Files\\Symantec Shared\\Decomposers\\"
"IDSDefs"="C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\"
"SAV Install Directory"="C:\\Program Files\\Symantec AntiVirus\\"
"SAVCE"="C:\\Program Files\\Symantec AntiVirus\\"
"Symantec Shared Directory"="C:\\Program Files\\Common Files\\Symantec Shared\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\Preferences]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DefWatch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DefWatch\Handlers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\MicroDefs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage]
"LiveUpdate"="C:\\Program Files\\Symantec\\LiveUpdate"
"LiveUpdate1"="C:\\Program Files\\Symantec\\LiveUpdate"
@="C:\\Program Files\\Symantec"
"Location1"="C:\\Program Files\\Symantec"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50]
"InstallDir"="C:\\Program Files\\Symantec AntiVirus\\"
"SharedComponents"="C:\\Program Files\\Symantec"
"SymantecShared"="C:\\Program Files\\Common Files\\Symantec Shared"
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus\Quarantine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\SAVCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\SymNetDrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD\SAVCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symevent\VDD\SymNetDrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SymNetDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
soseberg
2008-10-04, 08:19
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVRT]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\savrt.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,73,00,61,00,76,00,72,00,74,00,2e,00,73,00,79,\
00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVRTPEL]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,53,00,61,00,76,00,72,00,74,00,70,00,65,00,6c,\
00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVRT]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\savrt.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,73,00,61,00,76,00,72,00,74,00,2e,00,73,00,79,\
00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVRTPEL]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,53,00,61,00,76,00,72,00,74,00,70,00,65,00,6c,\
00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRT]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\savrt.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,73,00,61,00,76,00,72,00,74,00,2e,00,73,00,79,\
00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRTPEL]
; Contents of value:
; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,\
67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,\
00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,\
69,00,72,00,75,00,73,00,5c,00,53,00,61,00,76,00,72,00,74,00,70,00,65,00,6c,\
00,2e,00,73,00,79,00,73,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Symantec Client Security]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="Symantec AntiVirus"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="Common Client User Session"
"C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"="Symantec AntiVirus"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="Symantec AntiVirus"
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"
[HKEY_CURRENT_USER\Software\Symantec]
[HKEY_CURRENT_USER\Software\Symantec\ACT!]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email\Recent Item List]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email\Settings]
; End Of The Log...
soseberg
2008-10-04, 08:24
I think i got all the bits & pieces copied over correctly - might still be a good idea to get you the file in its entirety
Yes, I agree.
Please upload results to rapidshare.com and post back link here, please :)
soseberg
2008-10-04, 12:01
http://rapidshare.com/files/150797333/RegSearch.txt.html
soseberg
2008-10-04, 12:07
p.s.
is there a free zip application you like to use ? I am using WinRAR on a trial period, and it is time to uninstall the SW since I don't want to buy it.
IzArc (http://www.izarc.org/) is one.
I will post back fix after I've gone through results :)
OK, that was a pretty much horrible task :spider:
Anyway now it's done :)
Go to Start > Run
Type regedit and click OK.
On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.
Open Notepad and copy the contents of the following box to a new file.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A1-6BD0-11D3-B542-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F0E0EE0-760F-11D2-8E55-72C9EE000000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CEFD16C-91C2-4953-986E-EE77DE2DCF94}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FBEF3C8-45A0-42E0-8C68-681C4EB26DF7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC128-E397-11D1-B7A0-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2707AAC6-C268-11D1-8263-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B83B324-49FD-11D3-B538-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5B6502-5731-11D3-B53D-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2BF-C603-11D1-826C-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C5962-08E2-4EC6-A21A-340838D6EDB5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF5-CA86-11D1-B782-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E694-4BB9-11D1-8190-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43943CCA-883C-11D1-83A4-00A0C9749EEF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49BB73EE-2C2F-445E-82E3-E6E3380285BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C34B690-D1B7-11D1-B041-00104B252EEA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44C-4977-11D1-818D-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B4A5AE-0799-11D1-812A-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C2714F-4478-11D3-B537-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72E2440E-EBEA-49E6-A185-1BE03F723E28}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365837-F578-11D1-B7B2-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F365838-F578-11D1-B7B2-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D37EC8-8342-11D3-B54C-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9145BD-703D-11D1-81C9-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6F6788-4009-11D1-8184-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{921BD9FB-4963-11D1-818D-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6BCDF39-8909-45B1-B614-1231B027E78F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C7-8A99-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8038863-10BB-464D-AF8C-3EBF7043B409}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAD-D866-11D1-B78C-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C6365-7218-11D0-8865-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDA77241-42F6-11D0-85E2-00AA001FE28C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEE62D80-4A07-11D1-818E-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10E2CC6-1525-11D3-B527-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248A-513E-11D1-8194-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9A87C58-9683-4644-80BC-90D8462CE326}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D47C595F-B09E-4C75-A474-238CCE151335}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2026-8607-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7A11338-B5E2-4A97-9151-2FB65FDB5BC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8E2BDBE-5723-11D3-B53D-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894628-B91D-11D1-8254-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE207EB8-122B-11D3-B527-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB8-C27D-11D1-8263-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\497CA84818B8A04418EA464733D75B72]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LDVPUI.LDVPUICtrl.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LiveupdateFile\DefaultIcon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManagerag]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManag]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModManag]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccPassword.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luGroup.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.luProductReg.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{17580E52-7B07-11D2-BF1F-00A024D73444}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226CDAFB-819C-4298-89FA-8A018BB188B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2CECFD1F-CA35-4558-AC7F-64B6B463714A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C3D7949-0006-4745-B3F6-BED93B98FA9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{51B9BCA6-4A06-11D3-B538-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{64B4A5AB-0799-11D1-812A-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E9145BE-703D-11D1-81C9-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{941F23D1-BD56-4F90-B99F-134D55D86053}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F3B84DC-3631-4BCE-90E9-041A6198A2FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABA89334-36F7-4263-987C-941FF0C3E105}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C40049E7-5154-40E3-83B5-A94A89A29890}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C546DD23-7302-4E47-A4C1-E8417AD4243F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1A0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EB54C4A8-F9BE-429F-AA4F-F1FA39EA3537}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\DLLUsage\VP6]
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"=-
"C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"=-
"C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"=-
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"=-
[-KEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine3]
"ProductName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail]
"ServiceDLLPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes]
"ServiceDLLPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient]
"ServiceDLLPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions]
"SAVCORP90"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LUALL.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VPC32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls]
"SYMLIVE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\APTemp\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\I2_LDVP.VDB\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Logs\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\"=-
"C:\\Program Files\\Symantec AntiVirus\\Virus Defs\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\LuMMInst\\"=-
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\LiveUpdate\\"=-
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Symantec Client Security\\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0007E264C66416743963D7BDD4E2B7C8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01110A84106428F40880B93192013FC2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01ABD917955355D4A84144CA3CB609AA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\022AFE82A764D864A8CD9B23D4A38F57]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C7935C8D887B948800BAE4ABE3C564]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0723095E1EB7A3F4599FB8829DE20284]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075603C1A0A349649BF01150129CC6A5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09BD02E0169E55A44BB0A041D2C449E5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B0D2DF9159AC314BAD5F67FE98F6398]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DC310B120C02754683F563C5C11B7CC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E84B0475F3B7F84292D8B8BF4A0FAD3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\121A95866D8C3E147A73AF2FE040249B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\125695B83FF3EF745AE8D42E41D1E368]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1409F9F72CE9B2A4B9A2765A3A1E81A6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150FA3B991BBEBA41BF609AB43273898]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BCFAB3580A39841A2C9288D55C21DF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6AE69D474F3F4CA40C97240884521]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17BAD0AD61B75B64398F0A2154B4E93A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18073D53762F8D645924FD48C8BACE44]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\197986349ADD55E4791877C2F9FD1404]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB755D80FE34914080C323F73F3F7F8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D0E4A28D2B91874D8BFAAF0D7D48C94]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DE10FC25DE814440ADCDF53E037BC5E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E17002306209BF498A5B184A6A4CD0C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1CD0F52203E4041B8C1F49ED12DAC2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F77298863CF8F449A01B1CD959B1FE1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\203F9F5F4F3B1FE499FFF39DD06E0DDA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\219438F63413C924CA5B1C2ED64087BF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\253D749F0295B08418625E282C0B20E8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A894AB0F40A174EB0A93E99D63C893]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27FD15E46829E1643A8717519FE78684]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28808A0D22C26CD48AE82330ADE8789F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\298EAB6682C3A3B4D8309EB13208D507]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29BB554C82ECCC44FB1791D4169A8F11]"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AF612196D264A54DAB3109CC2F64A3E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E00DABFCA5E67C4881DCCA176F25C67]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EE121971B29C064C864C5239C98CEF9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\308369E2AB881E545BD28CDED907ED5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316D91D98F2D37A4585D2DF5DACECF93]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31E285710D82D0C4FADFF97B867F2BB8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\320A69A94DB9F36488B915AC4F80E442]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\331BFD9AFD37BAD45914687B44B716D0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35E89152EB5CD1D4CAB72A216BA94B6F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36509426D2A5F93419B575FEC08752DD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37B018D38884D2043BBD8EAE6745979F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3914ABCF0CE84A4498608C467AD9AB01]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B65FCFCDAFAFF843A056302829A669D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D818C45510B5394E975AFDD34C21F75]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DEE68F0FC3313E4CAD8E4C3EBCBEC40]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E2AF2B8461F9B341AE996F816488D03]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E81A4DC21026924FB5FAF933085D236]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FFC076946D23F747BCC49D3C49DAD2B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4104FC2402715CE48B5F76E86269EAFA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\421D4B34EE9882B4D8068382B21C97A2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\433A4F345A4260C4BAB58E0D0FE2CA62]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441567AAA28618C46A8BACAAC9BD2047]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4506881C8147E5C4898473908F999A6A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\452F176D393D2E842B78F854DF5D9D56]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\461CB5CCD4AE6B4438CE56243372952A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4650327CD3FFB8644A07B95EF08E1533]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4749418146A5C4D44A311288648899BB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4769CCBE90805494F9B0C1D7AD0F2F6C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\486376AD35E5B3D49940144BC46211F4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E583B84DF94840B69B71B9B9691C7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CA4254E5D1DC3F41B7AAEE955FCDD65]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CB829E5237898741983A2C0FB59BAEF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50BBD0A1CB1FD3648A16157120DF2829]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50E357748DE0DD840851872431DDB49B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52329A5967EA7BE4396C59CEA602DECC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5246FBA0D2725974B98D2F241801CE59]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\530B755CC7E4B0240B516CA62CE52FB0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\539D3B7957C58E141BAA69E8F67A3154]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53A119F546B8F0B4F8F6F980A73E0AC9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5549159AC4062D54397934DF6950AE35]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5645C240E90FDA14BAF1865CF63C602E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57257620AAEA0C242BDD7AB607B65379]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B459F6503E1DF8468F49D2D7090B64C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8408507AD2244D835B30D2FAE684E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D5E3CA2F6ABC7843ACCA3FE7FA5C2C9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DAD7F81C316EDA4993345FA879C659F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64B5C6D35D4BA694090534F8F4275822]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6591A502E6CED1F48BF7C76C53CBF8F2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\662D9B6A76F85894B95D3DA06DC598A1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66A964206D532614CAA674525C115B5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\670CE72E9F5EF7B42A9891043F5F6890]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\689C01ED28E08AA46A7CFC2A5FC5BE5B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6925106EE9D0AF740BCCD43F8907862F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A98339CA4BE12046B79421363FDFA28]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D4CD7C5D5B674F42A653A41E32208C0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D8AC6C6E342F8E44A12D80B8D572F95]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EEA3CF07EBD65C48A3FE380BC2FF61E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB241AAAF09D3840BC2241E9AF19C9A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70D2DE21FED8FF34C844F4A31D07101A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70F1A44A35ECA3A4E87039D639C5E73A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\717AB62A0DC6B434EA08A1A45AC41341]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71DECD1F77D7E3546ACEC3E68CA8D0D7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72DD961BBCB9085489897E100B268A1B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\732889D137C8A784D8AF276C5D5A9C80]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74A47876014BF1D41A0C231D7930868B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75AD138F296CAC145BAD1206F9BE78A0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76A5F6DF743589646A86A23EC64F3FD5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\795ACC80F6B8CA9468B4BEE3453CE063]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79768F9785BA38542BCF92E51B008096]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A0490666E0FE7143B0EC6D2888CCFBD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E0766AE391E7FC46A6253340D25FD6A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\819E87494C4723B45800D6033BCC1761]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\841AE651E02091243A9B88AFB0AC6C7A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854F9CD2DF3D35C4691F1F93BA55A8BE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85A6640347184DE419174A7D938EE4A3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85FB2592D75D45B4DA66315552889602]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86095466B37C0E2439C999C8734ACE74]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86D94728C433931458979C371144AC11]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\886C438BBCEB3B34BBA2959B96D59782]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89A9407964B17F247A566F608906224F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BA4514F4285A044BA167737E8F5984E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CFE9A92E47366C4D8BDA666C4265808]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA518D8300D4144FBF3C30A17DC0B74]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F6C8E11621FE1B4493B1749232D780E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\906E809EEA460C24E9E07BA3848F2529]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91F31ECC41B96D243A45422551C96C23]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9284075EBAFA2524A97FE13EB90107F6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92B1FBC2BB19F8E449B57B8A725C60A6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\932F0A059FB9ABC40A82EA16631751E7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9372E53F9E9D3E542BEFE92078F34B27]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9390D61626BCDCB419965BCE33EF44F9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\956B95676BE85A84DA3C38A66DE87EF4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\958453EF741836F4BBE15CEF80455A58]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95AADCB20EDD7A44FA70DA3B6EA3B300]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95F27B56918757849A0200722CE06175]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96443A54E01C3634C8C278DA21B260A1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9774B9786310FF74BB53C7B03CB01005]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97DECBDE60A61F24B9747DC59772FD22]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98A908F509C436F43A1E953FE0E9EC00]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\992DF40EA82049D46973729800B0109B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A94DDAF26A43054091D654EE7E6C17A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E38B3DC8CFB1A847A7BF1DA50E4493D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F0D5E01FFCBEDD459A7E55164EC51FA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BACD3EDDFCFE04CBEF935265E342E2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A23D51D91BC1593468D63B29064215C4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A49B22B4BF7F06441B3AF1D1FD9FFB8F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A50ED13B3B131AB4D94F9219F9FD2A9E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A54A0A5E2EB288B428823EE49A3FB0E5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6A1D0DC76F98104BB42B4D6CEEFFF9B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A77464867EB9BD8439B0D0E164572155]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8DC89FAF3F52B3448C6E06B118C405E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9F561C1606D4884BA82680B3B3CC15F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB316309998CCD04AB05CA3502231C36]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD1B6F6D0BA4B06429F76E1615E7AF72]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE842139D531885469A1CDC35A26B1F4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3F6A2DB538BA6E44B9404005AFB41E2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B465BB97013CDDB488C6688694AADC47]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B52F433F5E29EAB45BB395AAF7F5083C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B53334EE7245ABE43A018BD12C5D4C90]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B657DA17F4745DF4FB043AFD8A6D8A96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B84D9337F11F8BD40AA93AC699DF1F43]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B929AC65371A796448D474A4C6CBC599]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B954725E934126E4FA56EC324EA2AC16]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9B5013A40151AD41A78BCF1062B8BB4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9EBEB28E64D34C44BEA8117A9C4E7BC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB26CE3D008E2FA499FDEE6A7A5B9335]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC34C33A760187541916B896EC5DF549]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCD1A797A22A2444086E9E5F38AE3A76]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD554A3FBD0ED6B4AAD525CF1D8233AC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE00FE1089252744389477AA6DD677C5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE6AEA47C44CE854791235345CE87CE6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1AC78A74A3296B4BA739BA5E5766344]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1D015D543A678D4088D751CA77430A5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2C0DE96891BD8D47A1C6B99AFFC665A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C32E6437293544D4A8C13C39BAE0C4DD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C40012A775E54A34DAF406E96C623E75]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5922EEEC20E0AC47A00B13FFA6AD0CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5EB53E2E70016247917D6D2B1A3BF83]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D3108C6C0CBBB4BB528D653EB18E3B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C70541D73BA95574FAE9CD378E5E3B42]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C73635218DFABF44FA389B3E3BF3D020]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAE832C2BD80F8041A1ABA2FA9BDE468]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD5D8902AD64C7743B56FCA1DB3D37B2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDAF0D299B31D614A997AC7EFF57FE6F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDFF9BDE91468FA4893A207EF3172CCD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE3BFA88F46D18A49A28938603FC0FC4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D11819582C5CB9546B91021BE6986C95]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D132B96CE9755DD439B4C163BFB86857]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D22A7456E1EC5144EAA1222DAF6E6330]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2EEB513BDC48C443B0FFC4606A08DFF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D372E80B9398B83459370A4AD076F4FA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4C317E99F72CD94E80229440898C76B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D585AF34227B2154BA7E47561BC1F9B7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5C7E0ECE38B2204C81A6CAC7B563C1E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9C74F83EE4D0A44D80B7D4CAFCC96E8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB37AD6F8B343624D8A21F9536E244D0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC7387A8D5086344DAA794B917FF9EA5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC77558AAB3765D42AB9A67B9D465C8A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDBDE39263120BA48A4447EE2CD07B18]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE6692E1170B7234EB5CFD71486A1C3F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E081C3D89E092634CA3410D94B2F952D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E530F11EAE069884DAFC1C734C284319]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5D10B41A2DDC0D4B9906E3E8D63161A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6D4662DE51DDA24CA62E6F21AAE6EE1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E73B25152A6C81B4580546FC77150DD9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAC087BC46220E2478B66673EDFF200D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED493E8950DD165409D85C8C3BD24438]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF22F364C1A23C643AE004480F5EA9FE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF45D102C20B4734FAB39D8B3ACC47B1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F158A4B7B4D68274699DDD9237AA4845]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F17C3A8AA6513864387A2A2DEDE74860]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1ED2650479D1CA4593B666A0F217592]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3A068986CC26724696ED759EE677211]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F42B98E5315CA254F98CB0E739C7CEA1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4573B163C0CAAE4A9159A0D4344A173]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F627AA2A2A2A44B459A7BDC7E3640D92]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F640791D6781B144299BC34022526E89]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8354A9E39BC37340AAE05C855881DB8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8E6E6846AE5ED04E8E7EF768B83F3D9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA9E7BE60590FA34C94D692A56BD66E1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\497CA84818B8A04418EA464733D75B72\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Symantec Shared\\sevinst.exe"=-
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LIVE1.DLL"=-
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LUIS1.DLL"=-
"C:\\Program Files\\Symantec\\S32EVNT1.DLL"=-
"C:\\Program Files\\Symantec\\SYMEVENT.SYS"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\webshell.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\vpshell2.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\scandlgs.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPView.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPTask.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"=dword:-
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"=dword:-
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSLU.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\IDSDefs\\IDSCoLU.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\IMailUI.ocx"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccWebWnd.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetMgr.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwdSvc.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccPwd.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\ccEmlPxy.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{848AC794-8B81-440A-81AE-6474337DB527}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCEVTMGR]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVRTPEL]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCEVTMGR]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVRTPEL]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRTPEL]
[HKEY_CURRENT_USER\Software\Symantec]
Save it as fix.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix.reg and merge the infomation with the registry.
Reboot.
Do another search with Symantec and post back results, please.
soseberg
2008-10-07, 02:37
exported the registry content to c:\backup registry
created fix.reg & saved as type all files - the encoding defaulted to ANSI
double clicked on fix.reg & added the fix.reg info to the registry
a message returne that the info was successfully added
so far so good, i think =)
will reboot & search on symantec... stand by for result
soseberg
2008-10-07, 02:58
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-06 17:47:47 for strings:
; 'symantec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetTransferItem.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetTransferItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetBatchGet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\ProgID]
@="Symantec.stCallbackManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}\VersionIndependentProgID]
@="Symantec.stCallbackManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\ProgID]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\VersionIndependentProgID]
@="Symantec.stLog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\InprocServer32]
@="C:\\Program Files\\Symantec\\LiveUpdate\\ProductRegCom.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\ProgID]
@="Symantec.luProductReg.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}\VersionIndependentProgID]
@="Symantec.luProductReg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC129-E397-11D1-B7A0-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C0-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF6-CA86-11D1-B782-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E695-4BB9-11D1-8190-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C3-B82E-11D1-8252-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ldvpui.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44F-4977-11D1-818D-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\ProgID]
@="Symantec.stPatch.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}\VersionIndependentProgID]
@="Symantec.stPatch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248B-513E-11D1-8194-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1D0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1E0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2027-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894629-B91D-11D1-8254-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPCtls.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\ExchngUI.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion]
"Home Directory"="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Common]
"SelectedMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"WarningMessage"="Symantec AntiVirus found a virus in an attachment from ~D.
"
"SenderMessage"="Symantec AntiVirus found a virus in an attachment you (~D) sent to ~I.
To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment.
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"=dword:00000001
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
soseberg
2008-10-07, 02:59
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR\0000]
"DeviceDesc"="Symantec Event Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WLANKEEPER
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; TZMOVE
; Tlntsvr
; SysmonLog
; Symantec AntiVirus
; Starter
; SQLCTR$ACT7
; SQLAgent$ACT7
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SavRoam
; safrslv
; SAFrdms
; RPC
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; MSSQLServerADHelper
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office Document Imaging
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; MDM
; LoadPerf
; LiveUpdate
; IntelliType Pro
; IntelliPoint
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; Defwatch
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccEvtMgr
; Bonjour Service
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; ACT7
; ACT! Scheduler
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,4c,00,41,00,4e,00,4b,00,45,00,45,00,50,00,45,00,52,00,00,00,\
57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,\
00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,69,00,76,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,\
00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,\
73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,5a,00,4d,00,4f,00,56,00,45,\
00,00,00,54,00,6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,\
6d,00,6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,\
00,65,00,63,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,\
00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,51,00,4c,00,43,\
00,54,00,52,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,51,00,4c,00,41,00,\
67,00,65,00,6e,00,74,00,24,00,41,00,43,00,54,00,37,00,00,00,53,00,70,00,6f,\
00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,\
74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,\
00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,\
73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,\
00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,\
65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,53,\
00,61,00,76,00,52,00,6f,00,61,00,6d,00,00,00,73,00,61,00,66,00,72,00,73,00,\
6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,50,\
00,43,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,65,00,72,00,76,\
00,65,00,72,00,41,00,44,00,48,00,65,00,6c,00,70,00,65,00,72,00,00,00,4d,00,\
53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,\
00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\
00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,\
44,00,4d,00,69,00,6e,00,65,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,\
66,00,66,00,69,00,63,00,65,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,\
00,74,00,20,00,49,00,6d,00,61,00,67,00,69,00,6e,00,67,00,00,00,4d,00,69,00,\
63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,\
00,65,00,20,00,31,00,31,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,\
00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,44,\
00,4d,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,4c,00,\
69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,49,00,6e,00,74,\
00,65,00,6c,00,6c,00,69,00,54,00,79,00,70,00,65,00,20,00,50,00,72,00,6f,00,\
00,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,00,50,00,6f,00,69,00,6e,00,74,\
00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,\
64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,\
00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,\
6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,\
44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,\
00,51,00,75,00,6f,00,74,00,61,00,00,00,44,00,65,00,66,00,77,00,61,00,74,00,\
63,00,68,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,43,00,4f,\
00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,00,68,00,\
6b,00,64,00,73,00,6b,00,00,00,63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,\
00,00,00,63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,42,00,6f,00,\
6e,00,6a,00,6f,00,75,00,72,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,\
00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\
65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\
69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\
00,00,00,41,00,65,00,67,00,69,00,73,00,50,00,00,00,41,00,43,00,54,00,37,00,\
00,00,41,00,43,00,54,00,21,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,\
00,65,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSetMgr]
; Contents of value:
; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Defwatch]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SavRoam]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVRT]
"EventMessageFile"="C:\\Program Files\\Symantec AntiVirus\\savrt.sys"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Symantec Client Security]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="Symantec AntiVirus"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="Common Client User Session"
"C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"="Symantec AntiVirus"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="Symantec AntiVirus"
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"
[HKEY_CURRENT_USER\Software\Symantec]
[HKEY_CURRENT_USER\Software\Symantec\ACT!]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email\Recent Item List]
[HKEY_CURRENT_USER\Software\Symantec\ACT!\Email\Settings]
; End Of The Log...
soseberg
2008-10-07, 03:05
this updated regsearch was quite a bit smaller, but just a little too big to post the whole thing (by approx 450 chars); i uploaded to rapidshare the file in its entirety http://rapidshare.com/files/151596005/RegSearch1.txt
these latest steps has eliminated symantec's attempt to reinstall when i right-click! YAY!
Yes it is definitely smaller and most of that doesn't need to be removed either.
Go here (http://www.microsoft.com/downloads/details.aspx?familyid=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en) and download subinacl.msi
Double click on subinacl.msi to start the installation of Subinacl
Click Next>
Select I accept and click Next>
Click browse
From the drop down menu select C:\
Double click on WINDOWS and then system32
Click OK
Click Install now
Click Finish
Copy text below to Notepad and save it as remlegacy.bat (save it as all files, *.*)
@ECHO OFF
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCEVTMGR"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCEVTMGR"
) Do (
subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
reg delete %%R /f
)
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG
Doubleclick remlegacy.bat; black dos windows will flash, that's normal.
Open Notepad and copy the contents of the following box to a new file.
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C17-24F8-11D3-B530-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D4C11A3-6BD0-11D3-B542-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBC129-E397-11D1-B7A0-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C0-C603-11D1-826C-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C57BF6-CA86-11D1-B782-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4128E695-4BB9-11D1-8190-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536604C3-B82E-11D1-8252-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{592DC44F-4977-11D1-818D-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C27151-4478-11D3-B537-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C859248B-513E-11D1-8194-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1D0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F2027-8607-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC894629-B91D-11D1-8254-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1B0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDInst.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccEvtMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccSetMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Defwatch]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SavRoam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Symantec AntiVirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccEvtMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccSetMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Defwatch]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LiveUpdate]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SavRoam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Symantec AntiVirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAVRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSetMgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Defwatch]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SavRoam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVRT]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Symantec Client Security]
[-HKEY_CURRENT_USER\Software\Symantec]
Save it as fix2.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix2.reg and merge the infomation with the registry.
Reboot.
Do another search with Symantec and post back results, please.
soseberg
2008-10-07, 15:58
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-07 06:50:09 for strings:
; 'symantec '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDVPDlgs.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1E0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\Transman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}\InprocServer32]
@="C:\\Program Files\\Common Files\\Symantec Shared\\SSC\\LDDateTm.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\0\win32]
@="C:\\Program Files\\Symantec AntiVirus\\Cliscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}\1.0\HELPDIR]
@="C:\\Program Files\\Symantec AntiVirus\\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="Symantec AntiVirus"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="Common Client User Session"
"C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"="Symantec AntiVirus"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="Symantec AntiVirus"
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"
; End Of The Log...
Almost there.
Open Notepad and copy the contents of the following box to a new file.
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E381F1E0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E381F1F0-910E-11D1-AB1E-00A0C90F8F6F}]
Save it as fix3.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix3.reg and merge the infomation with the registry.
Reboot.
Do another search with Symantec and post back results, please.
soseberg
2008-10-07, 16:31
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-07 07:24:39 for strings:
; 'symantec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\ProgID]
@="Symantec.stInetBatchGet.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}\VersionIndependentProgID]
@="Symantec.stInetBatchGet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\LocalServer32]
@="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\ProgID]
@="Symantec.stLog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}\VersionIndependentProgID]
@="Symantec.stLog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="Symantec AntiVirus"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="Common Client User Session"
"C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"="Symantec AntiVirus"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="Symantec AntiVirus"
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"
; End Of The Log...
There seems to be two new keys.
Save this as fix4.reg.
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A577C19-24F8-11D3-B530-00902771A435}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED40801-D38D-11D3-B562-00902771A435}]
Go to Desktop, double-click fix4.reg and merge the infomation with the registry.
Reboot.
Do another search with Symantec and post back results, please.
soseberg
2008-10-07, 17:13
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 2008-10-07 08:04:40 for strings:
; 'symantec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
; Contents of value:
; System Reserved
; Boot Bus Extender
; System Bus Extender
; SCSI miniport
; Port
; Primary Disk
; SCSI Class
; SCSI CDROM Class
; FSFilter Infrastructure
; FSFilter System
; FSFilter Bottom
; FSFilter Copy Protection
; FSFilter Security Enhancer
; FSFilter Open File
; FSFilter Physical Quota Management
; FSFilter Encryption
; FSFilter Compression
; FSFilter HSM
; FSFilter Cluster File System
; FSFilter System Recovery
; FSFilter Quota Management
; FSFilter Content Screener
; FSFilter Continuous Backup
; FSFilter Replication
; FSFilter Anti-Virus
; FSFilter Undelete
; FSFilter Activity Monitor
; FSFilter Top
; Filter
; Boot File System
; Base
; Pointer Port
; Keyboard Port
; Pointer Class
; Keyboard Class
; Video Init
; Video
; Video Save
; File System
; Event Log
; Streams Drivers
; NDIS Wrapper
; COM Infrastructure
; UIGroup
; LocalValidation
; PlugPlay
; PNP_TDI
; NDIS
; TDI
; Symantec Services
; NetBIOSGroup
; ShellSvcGroup
; SchedulerGroup
; SpoolerGroup
; AudioGroup
; SmartCardGroup
; NetworkProvider
; RemoteValidation
; NetDDEGroup
; Parallel arbitrator
; Extended Base
; PCI Configuration
; MS Transactions
;
"List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\
00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\
73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\
00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\
65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\
00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,72,00,74,00,00,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,44,00,69,00,73,00,6b,00,00,\
00,53,00,43,00,53,00,49,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,53,00,\
43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,43,00,6c,00,61,\
00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\
49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\
00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\
79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\
00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\
69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\
00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\
00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\
72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\
00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\
6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\
00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\
46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\
65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\
00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\
69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\
6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\
00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\
65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\
00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\
74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\
00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\
65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\
56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\
00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\
53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\
00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\
46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\
00,46,00,69,00,6c,00,74,00,65,00,72,00,00,00,42,00,6f,00,6f,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\
00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\
50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\
00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\
72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\
00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\
64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\
00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\
00,00,46,00,69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,\
00,45,00,76,00,65,00,6e,00,74,00,20,00,4c,00,6f,00,67,00,00,00,53,00,74,00,\
72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\
00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\
72,00,00,00,43,00,4f,00,4d,00,20,00,49,00,6e,00,66,00,72,00,61,00,73,00,74,\
00,72,00,75,00,63,00,74,00,75,00,72,00,65,00,00,00,55,00,49,00,47,00,72,00,\
6f,00,75,00,70,00,00,00,4c,00,6f,00,63,00,61,00,6c,00,56,00,61,00,6c,00,69,\
00,64,00,61,00,74,00,69,00,6f,00,6e,00,00,00,50,00,6c,00,75,00,67,00,50,00,\
6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
6e,00,74,00,65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,\
00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,\
70,00,00,00,53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,\
00,75,00,70,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,\
47,00,72,00,6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,\
00,47,00,72,00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,\
72,00,6f,00,75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,\
00,64,00,47,00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,\
72,00,6b,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,\
00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,\
72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,\
00,65,00,6e,00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,\
43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,\
00,69,00,6f,00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,\
61,00,63,00,74,00,69,00,6f,00,6e,00,73,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
; C:\PROGRA~1\Symantec\S32EVNT1.DLL
; C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
;
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,43,00,3a,00,\
5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,\
00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,00,20,00,53,00,6f,00,66,00,74,00,\
77,00,61,00,72,00,65,00,5c,00,41,00,76,00,61,00,73,00,74,00,34,00,5c,00,61,\
00,73,00,77,00,4d,00,6f,00,6e,00,56,00,64,00,2e,00,64,00,6c,00,6c,00,00,00,\
00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="Symantec AntiVirus"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="Common Client User Session"
"C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"="Symantec AntiVirus"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="Symantec AntiVirus"
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"
; End Of The Log...
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
soseberg
2008-10-08, 02:18
tried running kaspersky several times, and my computer keeps turning off after scanning approx 800-900 files (when it gets to the itunes or quicktime sw)
gonna give it one last try b4 giving up...
could the avast antivirus sw be conflicting? i notice that the tray icons have disappeared since our latest registry cleanup, but
soseberg
2008-10-08, 02:20
and as i type this, the scan is now at 2000+ files, so it may work this time - i noticed zango and zeno search is still in there. seems kaspersky is detecting some infections/threats.
soseberg
2008-10-08, 06:02
finally got a successful kaspersky run after my computer died one more time. the scan took almost 2-hrs and ran the cpu at over 60%, up to 90-100 most of the time.
kasperky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 08, 2008 03:06:14
Records in database: 1298821
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 54502
Threat name: 30
Infected objects: 57
Suspicious objects: 0
Duration of the scan: 01:52:54
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN Infected: Trojan-Downloader.Win32.VB.fen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06500000.VBN Infected: Trojan-Downloader.Win32.VB.fen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Trojan-Downloader.Win32.VB.hpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0000.VBN Infected: Trojan-Downloader.Win32.VB.gwr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0001.VBN Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\091C0002.VBN Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A4C0000.VBN Infected: Trojan-Downloader.Win32.VB.fen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infected: Trojan-Downloader.Win32.VB.gwr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C2C0000.VBN Infected: Trojan-Downloader.Win32.VB.gwr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C2C0001.VBN Infected: Trojan-Downloader.Win32.VB.hpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C2C0002.VBN Infected: Trojan-Downloader.Win32.VB.hff 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800000.VBN Infected: Trojan-Downloader.Win32.VB.fen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800001.VBN Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800002.VBN Infected: not-a-virus:AdWare.Win32.Rond.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800003.VBN Infected: Trojan-Downloader.Win32.VB.fen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0000.VBN Infected: Trojan-Downloader.Win32.VB.gwr 1
C:\Documents and Settings\soseberg\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-41bdfc4f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\soseberg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-68edcb0d.zip Infected: Exploit.Java.Gimsh.b 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\QooBox\Quarantine\C\WINDOWS\system32\afkhph.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\akggoxyo.dll.vir Infected: Trojan.Win32.Monder.qgp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\awtutrrO.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bhdtxf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cjehfucm.dll.vir Infected: Trojan.Win32.Monder.qwn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYppml.dll.vir Infected: Trojan.Win32.Monder.qei 1
C:\QooBox\Quarantine\C\WINDOWS\system32\enpfijiv.dll.vir Infected: Trojan.Win32.Monder.pkq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fihowizu.dll.vir Infected: Trojan.Win32.Agent.aeuf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fnqnpc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fxmgcrfc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahwc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\geBrqolk.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ymu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gulmrplr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\guvegavu.dll.vir Infected: Trojan.Win32.Agent.aeuf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iifedbcy.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jotyxmld.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jrsumeit.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGaYsq.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kvfind.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lomehane.dll.vir Infected: Trojan.Win32.Agent.aeuf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJdeBrq.dll.vir Infected: Trojan.Win32.Monder.qei 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJYsttQ.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nevxfygr.dll.vir Infected: Trojan.Win32.Monder.qlg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkIaWo.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnlllkj.dll.vir Infected: Trojan.Win32.Monder.qgs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\spteggnc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ucqufrdp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alrx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uisjwypp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahwc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vkiclljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alvi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vqgvihru.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alwt 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wlkbcegy.dll.vir Infected: Trojan.Win32.Monder.qwn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wupfsabc.dll.vir Infected: Trojan.Win32.Monder.pkq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xydfocpc.dll.vir Infected: Trojan.Win32.Monder.plo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yocetcjt.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.edo 1
C:\QooBox\Quarantine\catchme2008-09-23_181514.26.zip Infected: Rootkit.Win32.Podnuha.aoi 1
C:\QooBox\Quarantine\catchme2008-09-23_181514.26.zip Infected: Trojan.Win32.Agent.cid 1
C:\WINDOWS\system32\g6.exe Infected: Trojan-Clicker.Win32.Agent.bsk 1
C:\WINDOWS\system32\tep\iLAN213v41.exe Infected: Trojan-Clicker.Win32.Agent.cfh 1
The selected area was scanned.
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52, on 2008-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222260121828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222260100609
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\Software\..\Telephony: DomainName = MIROGE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIROGE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIROGE
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Clock Daemon (ClockDaemon) - Unknown owner - C:\Documents and Settings\soseberg\Desktop\Board Drivers\TPRO-TSAT SW\ClockDaemonService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8872 bytes
Yes, real-time protection can cause it.
Delete these:
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe
C:\WINDOWS\system32\g6.exe
C:\WINDOWS\system32\tep
Empty these folders:
C:\Documents and Settings\soseberg\Application Data\Sun\Java\Deployment\cache
C:\QooBox\Quarantine
Empty Recycle Bin.
Still problems?
soseberg
2008-10-08, 19:16
Deleted:
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe
C:\WINDOWS\system32\g6.exe
C:\WINDOWS\system32\tep
& emptied:
C:\Documents and Settings\soseberg\Application Data\Sun\Java\Deployment\cache
C:\QooBox\Quarantine
Recycle Bin emptied.
my computer seems to be running much better, thank you very much :yahoo:
a few things i still have questions about:
1) pretty sure avast was not running while running kasparsky. we removed some components while battling symantec, specifically the resident protection. the icons i had in the tray are gone, and i am not sure how to out those back ...a small icon with the avast! symbol (lowercase 'a' in a ball) in the notification area (next to the clock) & a lowercase 'i' in a ball related to VRDB functions.
2) a) still unable to log in when i force safe mode using <F8>;
b) i would also like to change my primary password to prevent my son from logging in & downloading random stuff - he is computer savvy, a bit too smart for his own good =) is there a way to create a separate profile for him where he may not install anything?
c) also is there a way to reset the admin password? i don't remember what it is.
3) i am considering using Comodo Firewall - a friend of mine uses it. are there others i should consider? also, i am using a linksys wireless g router. can it be used as a HW firewall? if so, do you know how to set it up to do this?
4) anything else i should consider for protection?
p.s. re diablo - the boys own the disk, so no need to restore.
"1) pretty sure avast was not running while running kasparsky. we removed some components while battling symantec, specifically the resident protection. the icons i had in the tray are gone, and i am not sure how to out those back ...a small icon with the avast! symbol (lowercase 'a' in a ball) in the notification area (next to the clock) & a lowercase 'i' in a ball related to VRDB functions."
All avast! processes are running. Missing icons in taskbar is a known windows bug. If avast! works ok I see no concerns :)
"2) a) still unable to log in when i force safe mode using <F8>;
b) i would also like to change my primary password to prevent my son from logging in & downloading random stuff - he is computer savvy, a bit too smart for his own good =) is there a way to create a separate profile for him where he may not install anything?
c) also is there a way to reset the admin password? i don't remember what it is."
a) Try this:
Please download SafeBootKeyRepair.exe by sUBs to repair Safe Mode.
http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe
To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.
b) Yes there is, see here (http://www.microsoft.com/windowsxp/using/setup/winxp/accounts.mspx#1)
c) See here (http://www.petri.co.il/forgot_administrator_password.htm)
"3) i am considering using Comodo Firewall - a friend of mine uses it. are there others i should consider? also, i am using a linksys wireless g router. can it be used as a HW firewall? if so, do you know how to set it up to do this?"
I give you soon some tips for that :)
"4) anything else i should consider for protection?"
See 3.
soseberg
2008-10-08, 19:52
thanks so much for this info. i will give it a try.
will stand by for protection info =)
regards,
sigrid:bigthumb:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can fix this, it's a leftover:
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
You can delete all .reg files.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
soseberg
2008-10-08, 20:21
how do i fix this? do i delete or use on the the cleaner programs we have installed?
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
you are right, i haven't installed a 3rd party firewall yet - i will work on all this this evening. i think we enabled the windows firewall while we were working - should i leave it on?
With HijackThis.
Open HijackThis, click do a system scan only and checkmark it.
Close all windows including browser and press fix checked.
Please turn it off after installing 3rd party firewall (if you decide to install one).
soseberg
2008-10-08, 20:29
i used hjt and checked the corresponding box to remove:
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
Good :)
Hopefully you stay clean in the future.
soseberg
2008-10-08, 22:01
in regard to hijack this, what do you mean by "Please turn it off after installing 3rd party firewall." ?
soseberg
2008-10-09, 00:14
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
========================
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
soseberg
2008-10-09, 09:24
(1) i asked earlier what you meant by:
"Please turn it off after installing 3rd party firewall."
i think you meant to turn off windows firewall, so i have turned off windows firewall via the control panel|security settings. is this what you meant?
(2) I reviewed the sw based firewalls that you recommended. i liked comodo and zonealarm best & after reading all the material, settled on comodo, however neglected to go back and review your instructions so
(a) i am not sure if i installed safesurf or not.
do you know how to check this?
(b) also, i intentially chose not to use comodo for my defualt web page or browser. do you think it is important to change this? if so, why?
combofix is uninstalled
downloaded & ran otcleanit & it removed itself after reboot
disabled & re-enabled system restore
(3) followed the instructions to enhance IE security (i am now running IE8 beta in lieu of IE6); i rarely use IE. are there similar settings for firefox?
i will work on reviewing the material about and installing malwarebytes, spywareblaster, mvps hosts, and winpatrol tomorrow
"i think you meant to turn off windows firewall, so i have turned off windows firewall via the control panel|security settings. is this what you meant?"
Yes :)
"(a) i am not sure if i installed safesurf or not.
do you know how to check this?
(b) also, i intentially chose not to use comodo for my defualt web page or browser. do you think it is important to change this? if so, why?"
a) It shows in add/remove programs if you have
b) That's fine
"are there similar settings for firefox?"
Default settings are fine.
Does safe mode work now?
soseberg
2008-10-09, 11:00
still unable to boot in safe mode.
That is strange. Does it give any error message?
soseberg
2008-10-09, 11:14
just that the password is incorrect - i am using the same password that i use to log in regularly
I see.
Then resetting admin password should help.
soseberg
2008-10-09, 11:28
i will work on that later today (after sleep =) need to get a cd to use since this laptop does not support diskettes.
soseberg
2008-10-10, 09:57
i have been trying to recover my admin password using the cd instruction per http://www.loginrecovery.com/instructions.php as referenced by http://www.petri.co.il/forgot_administrator_password.htm
i extracted the iso file and burned it to a cd. however, when i power up, the regular login appears - after several attempts, my computer will now only boot in 'active desktop recovery'. when i attempt to restore, i get an internet explorer script error: object does not support this action
file:///C:/Documents%20and%20Settings/soseberg/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt
with the question "do you want to continue running scripts on this page?' nothing happens when i select yes or no.
when burning the cd (using CDBurnerXP Pro 3 Freeware) i tried all differnt combos: joliet, ISO Level1, ISO Level 2 & either bootable or non-bootable.
what did i do wrong?
So can you log in at all to any user account now?
soseberg
2008-10-10, 10:28
yes, i can login while in active desktop recovery using the login credentials i normally use
This (http://answers.yahoo.com/question/index?qid=20081002115650AAERdYv) might help.
soseberg
2008-10-10, 10:54
that was very easy - didn't think to re-apply my desktop
so what do you think about the password recovery?
I think that it would be best to re-direct you to some windows forum for that because it is not actually those things where I am the best person to advice.
Is it OK?
soseberg
2008-10-10, 11:17
sure - that would be great. thx
I recommend this (http://forums.pcpitstop.com/index.php?) place.
Any malware issues left?
soseberg
2008-10-10, 12:26
thx so much for the link - i thought that all was going extremely well, but now i am experiencing a service denial in my yahoo account - i just downloaded the John the Ripper password cracker (http://www.openwall.com/john/)
he says 'Windows "antivirus" and "anti-spyware" products have started to recognize password recovery tools as if they were "trojans". This is how those products' vendors inflate their detected "virus" counts. The effect is that end-users are no longer able to check password recovery software for real viruses. If this affects you, please complain to your antivirus vendor.'
so when avast complained, i ignored it. i am wondering if i might have screwed things up...or if the yahoo site is at fault...
I don't that it has affected in any way; please try again yahoo after some time :)
soseberg
2008-10-10, 12:54
i will try after i get some sleep & i will let you know =)
again, thanx tons!
soseberg
2008-10-10, 15:14
Yahoo is back on line...seems they were having issues.
i think we are all done and it is time to close this thread.
Thank you for all your help - especially eliminating all those pesky symantec registry remnants & helping me set up a more secure system.
:beerbeerb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.