Help deciphering these registry changes to my system


bamoo99

Adaware caught the following log of changes even though we tried to
block them. System restore which we were able to access from Safe mode
would not work since it is an exe file.

We can get to regedit through safe mode but are not quite sure what to
do. Trying to avoid the adage "act in haste, avoid at leisure"




Ad-Watch Logfile, exported on 2/12/2006
Total number of events:48
=============================================
2/12/2006 10:37:38 AM - Definitions file SE1R90 03.02.2006 loaded
successfully.
Build:SE1R90 03.02.2006
Total Signatures:48175
Target Families:827
Target Categories:6
CSI data Size :98056

File Size:1790935
===========================================================
2/12/2006 10:37:38 AM - Internal Error : User Preference file
corrupted!
To correct this error, close and relaunch Ad-Watch.

Default settings have been applied,
(All Blocking Features are active)

2/12/2006 10:37:38 AM - Initialization Error (3)

===============================================================
2/12/2006 10:37:43 AM - Sites file loaded.
Sites file loaded successfully.
C:/PROGA~1\Lavasoft\AD-AWA~2\sites.txt
Total entries: 3223
==============================================================

2/12/2006 10:37:55 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\regfile\shell\open\command
Value:
Data:
New Data:regedit.exe "%1"

=================================================================
2/12/2006 10:37:59 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\Lnkfile\CLSID
Value:
Data:
New Data:{00021401-0000-0000-C000-000000000046}

================================================================

2/12/2006 10:38:01 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\exefile\shell\open\command
Value:
Data:
New Data:"%1" %*

================================================================
2/12/2006 10:38:02 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.com
Value:
Data:
New Data:comfile

================================================================
2/12/2006 10:38:02 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.scr
Value:
Data:
New Data:scrfile

================================================================
2/12/2006 10:38:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.bat
Value:
Data:
New Data:batfile

=================================================================
2/12/2006 10:38:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.pif
Value:
Data:
New Data:piffile

=================================================================
2/12/2006 10:38:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.reg
Value:
Data:
New Data:regfile

=================================================================
2/12/2006 10:38:04 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.lnk
Value:
Data:
New Data:lnkfile
==================================================================
2/12/2006 10:38:12 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.exe
Value:
Data:
New Data:exefile

==============================================================
10:38:13 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:postBootReminder
Data:
New Data:{7849596a-48ea-486e-8937-a2a3009f31a9}

==============================================================
2/12/2006 10:38:14 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value:dontdisplaylastusername
Data:
New Data:0

==================================================================
2/12/2006 10:38:16 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:NoDriveTypeAutoRun
Data:
New Data:255

====================================================================
2/12/2006 10:38:21 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value:AppInit_DLLs
Data:
New Data:

====================================================================
2/12/2006 10:38:23 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:AWMON
Data:
New Data:"C:\PROGA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"

====================================================================
2/12/2006 10:38:25 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Search
Value:SearchAssistant
Data:
New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

====================================================================
2/12/2006 10:38:25 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Default_Search_URL
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

====================================================================
2/12/2006 10:38:26 AM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:SOFTWARE\Microsoft\Internet Explorer\SearchUrl
Value:provider
Data:
New Data:

====================================================================
2/12/2006 10:38:27 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.com
Value:ZAMailSafeExt
Data:
New Data:zl6

====================================================================
2/12/2006 10:38:35 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..src
Value:ZAMailSafeExt
Data:
New Data:zlq

====================================================================
2/12/2006 10:38:38 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..bat
Value:ZAMailSafeExt
Data:
New Data:zl3

====================================================================
2/12/2006 10:38:38 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..pif
Value:ZAMailSafeExt
Data:
New Data:zlo

====================================================================
2/12/2006 10:38:41 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..reg
Value:ZAMailSafeExt
Data:
New Data:zlp

====================================================================
2/12/2006 10:38:41 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..lnk
Value:ZAMailSafeExt
Data:
New Data:zlg

====================================================================

2/12/2006 10:38:42 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\..exe
Value:Content Type
Data:
New Data:application/x-msdownload

====================================================================
2/12/2006 10:38:44 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:CDBurn
Data:
New Data:{fbeb8a05-beee-4442-804e-409d6c4515e9}

====================================================================
2/12/2006 10:38:45 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value:legalnoticecaption
Data:
New Data:

====================================================================
2/12/2006 10:38:48 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:Apoint
Data:
New Data:C:\Program Files\Apoint2K\Apoint.exe

====================================================================
2/12/2006 10:38:51 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Search
Value:CustomizeSearch
Data:
New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

====================================================================
2/12/2006 10:38:52 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Search Page
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

====================================================================
2/12/2006 10:38:54 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Start Page
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
====================================================================

2/12/2006 10:38:54 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:AVG7_CC
Data:
New Data:C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe/STARTUP
====================================================================
2/12/2006 10:38:56 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value:legalnoticetext
Data:
New Data:

====================================================================
10:38:57 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:WebCheck
Data:
New Data:{E6FB5E20-DE35-11CF-9C87-00AA005127ED}

==============================================================
2/12/2006 10:38:58 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\ .exe
Value:ZAMailSafeExt
Data:
New Data:zl9

====================================================================
10:38:59 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:SysTray
Data:
New Data:{35CEC8A3-2BE6-11D2-8773-92E220524153 }

==============================================================
2/12/2006 10:39:00 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value:shutdownwithoutlogon
Data:
New Data:1

====================================================================
2/12/2006 10:39:01 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:AVG7_EMC
Data:
New Data:C:pROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
====================================================================
2/12/2006 10:39:01 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Local Page
Data:
New Data:C:\Windows\PCHealth\HelpCtr\System\panels\blank.htm
====================================================================

2/12/2006 10:39:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:
Data:
New Data:
====================================================================
2/12/2006 10:39:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value:undockwithoutlogon
Data:
New Data:1

====================================================================
2/12/2006 10:39:04 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:Zone Labs Client
Data:
New Data:C:\Program Files\Zone Labs\Zone Alarm\zlclient.exe
====================================================================
2/12/2006 10:39:04 AM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Start Page
Data:
New Data:about:blank
====================================================================
2/12/2006 10:39:01 AM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Search Page
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
====================================================================
2/12/2006 10:39:01 AM - Registry modification detected
Root:HKEY_CURRENT_USER
Key:SOFTWARE\Microsoft\Internet Explorer\Main
Value:Local Page
Data:
New Data:C:\Windows\PCHealth\HelpCtr\System\panels\blank.htm
====================================================================
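Added example, not code from the thread or from Lavasoft: a Python script that parses entries in the Ad-Watch layout shown above and checks each write against the Windows XP default for the key it touches. The defaults table covers the file-association handlers (exefile, regfile, lnkfile and the .exe/.com/.bat/.scr/.pif/.reg/.lnk mappings) and AppInit_DLLs, using the documented XP values; the set of "review" load points (Run, ShellServiceObjectDelayLoad) is my own selection. The sample log is constructed in the posted format, and its last entry is a made-up hijack of the exefile handler that does not appear in the log above.

```python
"""Parse Ad-Watch "Registry modification detected" entries and compare the
data written with the Windows XP defaults for keys that file-association
hijacks and load-point persistence usually touch."""
import re

# Windows XP default data for commonly hijacked keys, keyed by
# (root\key, value name) in lower case; "" is the (Default) value.
XP_DEFAULTS = {
    (r"hkey_local_machine\software\classes\exefile\shell\open\command", ""): '"%1" %*',
    (r"hkey_local_machine\software\classes\regfile\shell\open\command", ""): 'regedit.exe "%1"',
    (r"hkey_local_machine\software\classes\lnkfile\clsid", ""): "{00021401-0000-0000-c000-000000000046}",
    (r"hkey_local_machine\software\classes\.exe", ""): "exefile",
    (r"hkey_local_machine\software\classes\.com", ""): "comfile",
    (r"hkey_local_machine\software\classes\.bat", ""): "batfile",
    (r"hkey_local_machine\software\classes\.scr", ""): "scrfile",
    (r"hkey_local_machine\software\classes\.pif", ""): "piffile",
    (r"hkey_local_machine\software\classes\.reg", ""): "regfile",
    (r"hkey_local_machine\software\classes\.lnk", ""): "lnkfile",
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows", "appinit_dlls"): "",
}

# Load points with no single correct value: every write here gets a human look.
REVIEW_KEYS = (r"\currentversion\run", r"\shellserviceobjectdelayload")

ENTRY_RE = re.compile(
    r"^(?P<when>[^\n]*?) - Registry modification detected[ \t]*\n"
    r"Root:(?P<root>[^\n]*)\nKey:(?P<key>[^\n]*)\nValue:(?P<value>[^\n]*)\n"
    r"Data:(?P<old>[^\n]*)\nNew Data:(?P<new>[^\n]*)",
    re.MULTILINE,
)


def parse_entries(log_text):
    """Return one dict per entry; registry paths are case-insensitive, so
    the path and value name are lower-cased for lookup."""
    # Ad-Watch wraps a long "New Data:" line as "New" / "Data:"; rejoin it.
    text = re.sub(r"New\s*\nData:", "New Data:", log_text)
    return [
        {
            "when": m["when"].strip(),
            "path": (m["root"].strip() + "\\" + m["key"].strip()).lower(),
            "value": m["value"].strip().lower(),
            "new": m["new"].strip(),
        }
        for m in ENTRY_RE.finditer(text)
    ]


def classify(entry):
    """'default' = matches the XP default, 'HIJACK?' = a known key now holds
    something else, 'review' = load point, 'other' = on neither list."""
    expected = XP_DEFAULTS.get((entry["path"], entry["value"]))
    if expected is not None:
        return "default" if entry["new"].lower() == expected.lower() else "HIJACK?"
    if any(k in entry["path"] for k in REVIEW_KEYS):
        return "review"
    return "other"


def analyze(log_text):
    return [(e["path"], e["value"], e["new"], classify(e)) for e in parse_entries(log_text)]


# Constructed sample in the posted log's layout. The last entry is a made-up
# hijack of the exefile handler; it does not appear in the thread's log.
SAMPLE_LOG = r"""
2/12/2006 10:38:01 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\exefile\shell\open\command
Value:
Data:
New Data:"%1" %*

================================================================
2/12/2006 10:38:12 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\.exe
Value:
Data:
New Data:exefile

==============================================================
2/12/2006 10:39:04 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value:Zone Labs Client
Data:
New Data:C:\Program Files\Zone Labs\Zone Alarm\zlclient.exe
====================================================================
2/12/2006 10:40:00 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\exefile\shell\open\command
Value:
Data:
New Data:"C:\WINDOWS\system32\hidden.exe" "%1" %*
"""

if __name__ == "__main__":
    for path, value, new, verdict in analyze(SAMPLE_LOG):
        print(f"{verdict:8} {path}\\{value or '(Default)'} -> {new!r}")
```

Paste the exported log in place of SAMPLE_LOG to run it over the real entries. Note that every association and AppInit_DLLs write in the log above carries its XP default value, so the script reports those as "default"; the Run and ShellServiceObjectDelayLoad writes come back as "review", and the paths in them name Ad-Watch, AVG, ZoneAlarm and the Apoint touchpad driver. A "HIJACK?" verdict means a handler such as exefile\shell\open\command now points somewhere other than its default, which is the case worth fixing from Safe Mode before running anything else.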
 

Guest

Simply follow instructions from kb307545

bamoo99 said:
Adaware caught the following log of changes even though we tried to
block them. System restore which we were able to access from Safe mode
would not work since it is an exe file.

We can get to regedit through safe mode but are not quite sure what to
do. Trying to avoid the adage "act in haste, avoid at leisure"
 

bamoo99

Thank you Andrew but I was wondering if someone could actually look at
this log. I am glad you have a short cut key for your standard response
but not too helpful. OEM system.