#1
Help deciphering these registry changes to my system
Adaware caught the following log of changes even though we tried to block them. System restore which we were able to access from Safe mode would not work since it is an exe file. We can get to regedit through safe mode but are not quite sure what to do. Trying to avoid the adage "act in haste, avoid at leisure"

Ad-Watch Logfile, exported on 2/12/2006
Total number of events:48
==================================================
2/12/2006 10:37:38 AM - Definitions file SE1R90 03.02.2006 loaded successfully. Build:SE1R90 03.02.2006 Total Signatures:48175 Target Families:827 Target Categories:6 CSI data Size :98056 File Size:1790935
==================================================
2/12/2006 10:37:38 AM - Internal Error : User Preference file corrupted! To correct this error, close and relaunch Ad-Watch. Default settings have been applied, (All Blocking Features are active)
2/12/2006 10:37:38 AMInitialization Error (3)
==================================================
2/12/2006 10:37:43 AM - Sites file loaded. Sites file loaded successfully. C:/PROGA~1\Lavasoft\AD-AWA~2\sites.txt Total entries: 3223
==================================================
2/12/2006 10:37:55 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\regfile\shell\open\command Value: Data: New Data:regedit.exe "%1"
==================================================
2/12/2006 10:37:59 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\Lnkfile\CLSID Value: Data: New Data:{00021401-0000-0000-C000-000000000046}
==================================================
2/12/2006 10:38:01 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\exefile\shell\open\command Value: Data: New Data:"%1" %*
==================================================
2/12/2006 10:38:02 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.com Value: Data: New Data:comfile
==================================================
2/12/2006 10:38:02 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.scr Value: Data: New Data:scrfile
==================================================
2/12/2006 10:38:03 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.bat Value: Data: New Data:batfile
==================================================
2/12/2006 10:38:03 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.pif Value: Data: New Data:piffile
==================================================
2/12/2006 10:38:03 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.reg Value: Data: New Data:regfile
==================================================
2/12/2006 10:38:04 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.lnk Value: Data: New Data:lnkfile
==================================================
2/12/2006 10:38:12 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.exe Value: Data: New Data:exefile
==================================================
10:38:13 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Value:PostBootReminder Data: New Data:{7849596a-48ea-486e-8937-a2a3009f31a9}
==================================================
2/12/2006 10:38:14 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemValue:dontdisplaylastusername Value: Data: New Data:0
==================================================
2/12/2006 10:38:16 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value:NoDriveTypeAutoRun Data: New Data:255
==================================================
2/12/2006 10:38:21 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value:Applnit_DLLs Data: New Data:
==================================================
2/12/2006 10:38:23 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:AWMON Data: New Data:"C:\PROGA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
==================================================
2/12/2006 10:38:25 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Search Value:SearchAssistant Data: New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
==================================================
2/12/2006 10:38:25 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Default_Search_URL Data: New Data:http://www.microsoft.com/isapi/redir...ie&ar=iesearch
==================================================
2/12/2006 10:38:26 AM - Registry modification detected Root:HKEY_CURRENT_USER Key:SOFTWARE\Microsoft\Internet Explorer\SearchUrl Value:Provider Data: New Data:
==================================================
2/12/2006 10:38:27 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\.com Value:ZAMailSafeExt Data: New Data:zl6
==================================================
2/12/2006 10:38:35 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..src Value:ZAMailSafeExt Data: New Data:zlq
==================================================
2/12/2006 10:38:38 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..bat Value:ZAMailSafeExt Data: New Data:zl3
==================================================
2/12/2006 10:38:38 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..pif Value:ZAMailSafeExt Data: New Data:zlo
==================================================
2/12/2006 10:38:41 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..reg Value:ZAMailSafeExt Data: New Data:zlp
==================================================
2/12/2006 10:38:41 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..lnk Value:ZAMailSafeExt Data: New Data:zlg
==================================================
2/12/2006 10:38:42 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\..exe Value:Content Type Data: New Data:application/x-msdownload
==================================================
2/12/2006 10:38:44 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Value:CDBurn Data: New Data:{fbeb8a05-beee-4442-804e-409d6c4515e9}
==================================================
2/12/2006 10:38:45 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value:legalnoticecaption Data: New Data:
==================================================
2/12/2006 10:38:48 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:Apoint Data: New Data:C:\Program Files\Apoint2K\Apoint.exe
==================================================
2/12/2006 10:38:51 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Search Value:CustomizeSearch Data: New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
==================================================
2/12/2006 10:38:52 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Search Page Data: New Data:http://www.microsoft.com/isapi/redir...ie&ar=iesearch
==================================================
2/12/2006 10:38:54 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Start Page Data: New Data:http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
==================================================
2/12/2006 10:38:54 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:AVG7_CC Data: New Data:C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe/STARTUP
==================================================
2/12/2006 10:38:56 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value:legalnoticetext Data: New Data:
==================================================
10:38:57 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Value:WebCheck Data: New Data:{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
==================================================
2/12/2006 10:38:58 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Classes\ .exe Value:ZAMailSafeExt Data: New Data:zl9
==================================================
10:38:59 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Value:SysTray Data: New Data:{35CEC8A3-2BE6-11D2-8773-92E220524153 }
==================================================
2/12/2006 10:39:00 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value:shutdownwithoutlogon Data: New Data:1
==================================================
2/12/2006 10:39:01 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:AVG7_EMC Data: New Data:C:PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
==================================================
2/12/2006 10:39:01 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Local Page Data: New Data:C:\Windows\PCHealth\HelpCtr\System\panels\blank.htm
==================================================
2/12/2006 10:39:03 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value: Data: New Data:
==================================================
2/12/2006 10:39:03 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value:undockwithoutlogon Data: New Data:1
==================================================
2/12/2006 10:39:04 AM - Registry modification detected Root:HKEY_LOCAL_MACHINE Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:Zone Labs Client Data: New Data:C:\Program Files\Zone Labs\Zone Alarm\zlclient.exe
==================================================
2/12/2006 10:39:04 AM - Registry modification detected Root:HKEY_CURRENT_USER Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Start Page Data: New Data:about:blank
==================================================
2/12/2006 10:39:01 AM - Registry modification detected Root:HKEY_CURRENT_USER Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Search Page Data: New Data:http://www.microsoft.com/isapi/redir...ie&ar=iesearch
==================================================
2/12/2006 10:39:01 AM - Registry modification detected Root:HKEY_CURRENT_USER Key:SOFTWARE\Microsoft\Internet Explorer\Main Value:Local Page Data: New Data:C:\Windows\PCHealth\HelpCtr\System\panels\blank.htm
==================================================
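An added example, not part of the original thread: a small Python parser for Ad-Watch registry events like those in the post above, which groups each change by registry area and notes the ones worth checking by hand. The names `parse`, `triage`, `RULES` and the category labels are assumptions made for illustration, the last sample event is constructed, and the two stock open commands are the values the log itself shows for exefile and regfile.

```python
import re

SEP = re.compile(r"(?:={5,}\s*)+")  # "=====" rule, possibly split by a stray space
EVENT = re.compile(
    r"(?:(?P<date>\d+/\d+/\d+)\s+)?(?P<time>\d+:\d+:\d+ [AP]M) - "
    r"Registry modification detected\s+Root:(?P<root>\S+)\s+Key:(?P<key>.*?)"
    r"\s+Value:(?P<value>.*?)\s+Data:(?P<old>.*?)\s+New Data:(?P<new>.*)$",
    re.S,
)
# (category, pattern on the key path). Matching is by key, not value name,
# so a misspelled value name in a retyped log does not change the category.
RULES = [
    ("file-association", r"^SOFTWARE\\Classes\\"),
    ("autostart", r"\\CurrentVersion\\Run$"),
    ("appinit-dlls", r"\\Windows NT\\CurrentVersion\\Windows$"),
    ("shell-service-object", r"\\ShellServiceObjectDelayLoad$"),
    ("policy", r"\\CurrentVersion\\Policies\\"),
    ("ie-settings", r"\\Internet Explorer\\"),
]
# Stock open commands for these two classes; anything else needs a closer look.
DEFAULT_OPEN = {"exefile": '"%1" %*', "regfile": 'regedit.exe "%1"'}

HEAD = "Registry modification detected Root:HKEY_LOCAL_MACHINE Key:"
RULE_LINE = " " + "=" * 50 + " " + "=" * 14 + " "
# Constructed sample: four events with values from the log above, then one
# invented event (placeholder path) so the mismatch check has something to find.
SAMPLE = RULE_LINE.join([
    "2/12/2006 10:38:01 AM - " + HEAD
    + r'SOFTWARE\Classes\exefile\shell\open\command Value: Data: New Data:"%1" %*',
    "2/12/2006 10:38:21 AM - " + HEAD
    + r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value:Applnit_DLLs Data: New Data:",
    "2/12/2006 10:38:48 AM - " + HEAD
    + r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value:Apoint Data: "
    + r"New Data:C:\Program Files\Apoint2K\Apoint.exe",
    "10:38:57 AM - " + HEAD  # the log omits the date on some events
    + r"Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "
    + "Value:WebCheck Data: New Data:{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",
    "2/12/2006 10:40:00 AM - " + HEAD
    + r"SOFTWARE\Classes\exefile\shell\open\command Value: Data: "
    + r'New Data:C:\placeholder\example.exe "%1" %*',
])

def parse(text):
    """Return one dict per registry event; header events are skipped."""
    events = []
    for chunk in SEP.split(text):
        m = EVENT.search(chunk.strip())
        if m:
            events.append({k: (v or "").strip() for k, v in m.groupdict().items()})
    return events

def triage(text):
    """Return (time, category, value name, new data, note) for each event."""
    rows = []
    for ev in parse(text):
        cat = next((c for c, rx in RULES if re.search(rx, ev["key"], re.I)), "other")
        note = ""
        m = re.search(r"\\Classes\\(\w+)\\shell\\open\\command$", ev["key"], re.I)
        if m and m.group(1).lower() in DEFAULT_OPEN:
            if ev["new"] != DEFAULT_OPEN[m.group(1).lower()]:
                note = "open command differs from the stock value"
        elif cat == "autostart" and ev["new"]:
            note = "runs at logon: confirm the program is one you installed"
        elif cat == "appinit-dlls" and ev["new"]:
            note = "DLL list is not empty: confirm each DLL"
        rows.append((ev["time"], cat, ev["value"], ev["new"], note))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```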
#2
Help deciphering these registry changes to my system
Simply follow instructions from kb307545
"bamoo99" wrote: Adaware caught the following log of changes even though we tried to block them. System restore which we were able to access from Safe mode would not work since it is an exe file. We can get to regedit through safe mode but are not quite sure what to do. Trying to avoid the adage "act in haste, avoid at leisure"
#3
Help deciphering these registry changes to my system
Thank you Andrew but I was wondering if someone could actually look at this log. I am glad you have a short cut key for your standard response but not too helpful. OEM system.
Andrew E. wrote: Simply follow instructions from kb307545